Linux · Linux Kernel · CVE-2024-50271
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue concerns a behavior change in Linux kernel signal handling, specifically the `override_rlimit` logic. Prior to a certain commit, the `UCOUNT_RLIMIT_SIGPENDING` rlimit was not enforced for a class of signals. After the change, the limit is enforced unconditionally, even when `override_rlimit` is set. This caused production issues, including problems with signal delivery and error handling in applications. For instance, when the limit is reached and a process receives a `SIGSEGV` signal, `sigqueue_alloc` fails to allocate the necessary resources, preventing the signal from being delivered with `siginfo`. This leads to unpredictable behavior and crashes, as observed with Java applications.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
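
A defender-side check for the condition in the Description, added here as an example (not code from this advisory or from the kernel project): it reads the `SigQ` field of `/proc/<pid>/status`, which proc(5) documents as the number of signals queued for the process's real UID over its `RLIMIT_SIGPENDING` limit, and flags processes at or near that limit. The function names, the 0.9 threshold and the sample status text are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Field formats per proc(5): "SigQ: <queued for real UID>/<RLIMIT_SIGPENDING>"
SIGQ_RE = re.compile(r"^SigQ:\s*(\d+)/(\d+)\s*$", re.MULTILINE)
UID_RE = re.compile(r"^Uid:\s*(\d+)", re.MULTILINE)  # first number is the real UID
NAME_RE = re.compile(r"^Name:\s*(.+)$", re.MULTILINE)

def parse_status(text):
    """Return (name, real_uid, queued, limit) from status text, or None."""
    sigq, uid, name = SIGQ_RE.search(text), UID_RE.search(text), NAME_RE.search(text)
    if not sigq or not uid:
        return None  # missing fields or truncated text
    return (name.group(1).strip() if name else "?", int(uid.group(1)),
            int(sigq.group(1)), int(sigq.group(2)))

def at_risk(statuses, threshold=0.9):
    """statuses maps pid -> status text; return processes at or near the limit."""
    findings = []
    for pid, text in statuses.items():
        parsed = parse_status(text)
        if parsed is None:
            continue
        name, uid, queued, limit = parsed
        # A limit of 0 means every queue allocation is already over the limit.
        if limit == 0 or queued / limit >= threshold:
            findings.append((pid, name, uid, queued, limit))
    return sorted(findings)

def read_proc(root="/proc"):
    """Collect status text for every live PID; processes may exit mid-scan."""
    out = {}
    for path in Path(root).glob("[0-9]*/status"):
        try:
            out[int(path.parent.name)] = path.read_text()
        except OSError:
            continue
    return out

# Constructed sample input (not captured from a real host).
SAMPLE = {
    101: "Name:\tjava\nUid:\t1000\t1000\t1000\t1000\nSigQ:\t63410/63432\n",
    102: "Name:\tsshd\nUid:\t0\t0\t0\t0\nSigQ:\t0/63432\n",
}

if __name__ == "__main__":
    for pid, name, uid, queued, limit in at_risk(read_proc()):
        print(f"pid={pid} name={name} uid={uid} SigQ={queued}/{limit}")
```

Because the queued count is kept per real UID, every process of a flagged user reports the same numerator; the finding points at the user whose processes are accumulating pending signals.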