CVE-2024-42250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42250

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42250.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-42250

Downstream

BELL-CVE-2024-42250

DEBIAN-CVE-2024-42250

DLA-4008-1

OESA-2024-2124

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-42250

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-08-07T16:15:47Z

Modified

2025-08-09T20:01:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: add missing lock protection when polling

Add missing lock protection in poll routine when iterating xarray, otherwise:

Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefilesreq) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefilesreq accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.

References

Affected packages