CVE-2024-27005

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the interconnect component in the Linux kernel, where the icc lock mutex was split into separate icc lock and icc bw lock mutexes to avoid lockdep splats. However, this did not adequately protect access to icc node::req list. The icc set bw() function iterates over req list while only holding icc bw lock, but req list can be modified while only holding icc lock. This causes races between icc set bw(), of icc get(), and icc put(). To fix this, icc bw lock must always be held before manipulating icc node::req list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-362

Related Identifiers

AZL-59644

BDU:2025-03614

CVE-2024-27005

ECHO-FC83-846B-70B7

MGASA-2024-0263

MGASA-2024-0266

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-6893-1

USN-6893-2

USN-6893-3

USN-6918-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2024-27005

Weakness Enumeration

Related Identifiers

Affected Products

References · 1665