CVE-2024-41005
- Source
- https://cve.org/CVERecord?id=CVE-2024-41005
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41005.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-41005
- Downstream
- Related
- Published
- 2024-07-12T12:44:40.467Z
- Modified
- 2026-03-13T07:56:07.263223Z
- Summary
- netpoll: Fix race condition in netpoll_owner_active
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netpoll: Fix race condition in netpollowneractive
KCSAN detected a race condition in netpoll:
BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)<snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpollsendskb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpollsendudp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff
This happens because netpollowneractive() needs to check if the current CPU is the owner of the lock, touching napi->pollowner non atomically. The ->pollowner field contains the current CPU holding the lock.
Use an atomic read to check if the poll owner is the current CPU.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41005.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d
- https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265
- https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c
- https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57
- https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916
- https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41005.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-41005
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced89c4b442b78bdba388337cc746fe63caba85f46cFixed43c0ca793a18578a0f5b305dd77fcf7ed99f1265Fixedefd29cd9c7b8369dfc7bcb34637e6bf1a188aa8eFixed96826b16ef9c6568d31a1f6ceaa266411a46e46cFixed3f1a155950a1685ffd0fd7175b3f671da8771f3dFixeda130e7da73ae93afdb4659842267eec734ffbd57Fixedc2e6a872bde9912f1a7579639c5ca3adf1003916