CVE-2024-38580

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38580
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38580.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38580
Downstream
Related
Published
2024-06-19T13:37:37.840Z
Modified
2025-11-28T02:34:06.941382Z
Summary
epoll: be better about file lifetimes
Details

In the Linux kernel, the following vulnerability has been resolved:

epoll: be better about file lifetimes

epoll can call out to vfspoll() with a file pointer that may race with the last 'fput()'. That would make fcount go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless.

Make sure we have a valid ref on the file pointer before we call down to vfs_poll() from the epoll routines.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38580.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e
Fixed
559214eb4e5c3d05e69428af2fae2691ba1eb784
Fixed
4f65f4defe4e23659275ce5153541cd4f76ce2d2
Fixed
16e3182f6322575eb7c12e728ad3c7986a189d5d
Fixed
4efaa5acf0a1d2b5947f98abb3acf8bfd966422b

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.161
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.93
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.12