DEBIAN-CVE-2024-40935
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-40935
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-40935.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-40935
- Upstream
- Published
- 2024-07-12T13:15:16Z
- Modified
- 2025-09-19T07:33:59.831091Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILESDEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILESDEAD, the cachefilesdaemonwrite() will always return -EIO, so the daemon can't pass the copen to the kernel. Then the kernel process that is waiting for the copen triggers a hungtask. Since the DEAD state is irreversible, it can only be exited by closing /dev/cachefiles. Therefore, after calling cachefilesioerror() to mark the cache as CACHEFILESDEAD, if in ondemand mode, flush all requests to avoid the above hungtask. We may still be able to read some of the cached data before closing the fd of /dev/cachefiles. Note that this relies on the patch that adds reference counting to the req, otherwise it may UAF.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.99-1
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:11 / linux-6.1
Package
- Name
- linux-6.1
- Purl
- pkg:deb/debian/linux-6.1?arch=source