摘要:
In the Linux kernel, the following vulnerability has been resolved:cachefiles: add missing lock protection when pollingAdd missing lock protection in poll routine when iterating xarray,otherwise:Even with RCU read lock held, only the slot of the radix tree isensured to be pinned there, while the data structure (e.g. structcachefiles_req) stored in the slot has no such guarantee. The pollroutine will iterate the radix tree and dereference cachefiles_reqaccordingly. Thus RCU read lock is not adequate in this case andspinlock is needed here.
安全等级: Low
公告ID: KylinSec-SA-2024-3592
发布日期: 2024年9月3日
关联CVE: CVE-2024-42250
In the Linux kernel, the following vulnerability has been resolved:cachefiles: add missing lock protection when pollingAdd missing lock protection in poll routine when iterating xarray,otherwise:Even with RCU read lock held, only the slot of the radix tree isensured to be pinned there, while the data structure (e.g. structcachefiles_req) stored in the slot has no such guarantee. The pollroutine will iterate the radix tree and dereference cachefiles_reqaccordingly. Thus RCU read lock is not adequate in this case andspinlock is needed here.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-42250 | KY3.4-5A | kernel | Unaffected |
| CVE-2024-42250 | KY3.5.2 | kernel | Unaffected |
