CVE-2024-38580

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38580

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38580.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38580

Downstream

BELL-CVE-2024-38580

DEBIAN-CVE-2024-38580

OESA-2024-2076

RHSA-2024:4928

SUSE-SU-2024:2360-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-38580

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7009-1

USN-7009-2

USN-7019-1

Related

Published

2024-06-19T14:15:18Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

epoll: be better about file lifetimes

epoll can call out to vfspoll() with a file pointer that may race with the last 'fput()'. That would make fcount go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless.

Make sure we have a valid ref on the file pointer before we call down to vfs_poll() from the epoll routines.

References

Affected packages