CVE-2024-50207

MEDIUM EPSS 3.5%
Published Nov 8, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Nov 8, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying the mentioned data while a reader also operates on them can then result in incorrect memory access and various crashes. Fix the problem by taking the reader_lock when updating a specific ring_buffer_per_cpu in ring_buffer_subbuf_order_set().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥6.8  –  <6.11.6
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/09661f75e75cb6c1d2d8326a70c311d46729235f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a569290525a05162d5dd26d9845591eaf46e5802
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/09661f75e75cb6c1d2d8326a70c311d46729235f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a569290525a05162d5dd26d9845591eaf46e5802
    Patch