CVE-2024-41932

MEDIUM EPSS 8.7%
Published Jan 11, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 11, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a per-task affinity assignment races with a cpuset update. Specifically, we can have a race where a cpuset update results in the task affinity no longer being a subset of the cpuset. That's fine; we have a fallback to instead use the cpuset mask. However, we have a WARN set up that will trigger if the cpuset mask has no overlap at all with the requested task affinity. This shouldn't be a warning condition; its trivial to create this condition. Reproduced the warning by the following setup: - $PID inside a cpuset cgroup - another thread repeatedly switching the cpuset cpus from 1-2 to just 1 - another thread repeatedly setting the $PID affinity (via taskset) to 2

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.2  –  <6.12.5
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/5c3fb75f538cfcb886f6dfeb497d99fc2f263ee6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70ee7947a29029736a1a06c73a48ff37674a851b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5c3fb75f538cfcb886f6dfeb497d99fc2f263ee6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70ee7947a29029736a1a06c73a48ff37674a851b
    Patch