CVE-2024-35874

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35874
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35874.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35874
Downstream
Published
2024-05-19T08:34:31Z
Modified
2025-10-17T03:46:13.328194Z
Summary
aio: Fix null ptr deref in aio_complete() wakeup
Details

In the Linux kernel, the following vulnerability has been resolved:

aio: Fix null ptr deref in aio_complete() wakeup

listdelinit_careful() needs to be the last access to the wait queue entry - it effectively unlocks access.

Previously, finishwait() would see the empty list head and skip taking the lock, and then we'd return - but the completion path would still attempt to do the wakeup after the taskstruct pointer had been overwritten.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
71eb6b6b0ba93b1467bccff57b5de746b09113d2
Fixed
9678bcc6234d83759fe091c197f5017a32b468da
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
71eb6b6b0ba93b1467bccff57b5de746b09113d2
Fixed
caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd

Affected versions

v6.*

v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.9-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.5