CVE-2024-56755

MEDIUM EPSS 10.4%
Published Dec 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fscache_perform_lookup fscache_create_volume fscache_create_volume_work cachefiles_acquire_volume clear_and_wake_up_bit test_and_set_bit test_and_set_bit goto maybe_wait goto no_wait In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely. In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed. By combining the clear and wake operations into clear_and_wake_up_bit() to fix this issue.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥5.17  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.64
linuxlinux_kernel*≥6.7  –  <6.11.11
linuxlinux_kernel*≥6.12  –  <6.12.2

References 6

  • git.kernel.org https://git.kernel.org/stable/c/22f9400a6f3560629478e0a64247b8fcc811a24d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/539fabba965e119b98066fc6ba5257b5eaf4eda2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8beb682cc9a0798a280bbb95e3e41617237090b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cc1df3113cb71a0df2c46dd5b102c9e11c8a8c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddab02607eed9e415dc62fde421d4329e5345315
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/22f9400a6f3560629478e0a64247b8fcc811a24d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/539fabba965e119b98066fc6ba5257b5eaf4eda2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8beb682cc9a0798a280bbb95e3e41617237090b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cc1df3113cb71a0df2c46dd5b102c9e11c8a8c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddab02607eed9e415dc62fde421d4329e5345315
    Patch