CVE-2024-41081

MEDIUM EPSS 18.2%
Published Jul 29, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ila_output() As explained in commit 1378817486d6 ("tipc: block BH before using dst_cache"), net/core/dst_cache.c helpers need to be called with BH disabled. ila_output() is called from lwtunnel_output() possibly from process context, and under rcu_read_lock(). We might be interrupted by a softirq, re-enter ila_output() and corrupt dst_cache data structures. Fix the race by using local_bh_disable().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
18.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥4.10  –  <4.19.319
linuxlinux_kernel*≥4.20  –  <5.4.281
linuxlinux_kernel*≥5.5  –  <5.10.223
linuxlinux_kernel*≥5.11  –  <5.15.164
linuxlinux_kernel*≥5.16  –  <6.1.101
linuxlinux_kernel*≥6.2  –  <6.6.42
linuxlinux_kernel*≥6.7  –  <6.9.11
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830
    Patch