PT-2024-34042 · Linux+3 · Linux Kernel+3
Petr Pavlu · Published 2024-10-15 · Updated 2025-09-29 · CVE-2024-50207
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux Kernel (affected versions not specified)
Description:
The issue concerns the Linux kernel's ring-buffer, where the function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying the mentioned data while a reader also operates on them can then result in incorrect memory access and various crashes. The problem is fixed by taking the reader_lock when updating a specific ring_buffer_per_cpu in ring_buffer_subbuf_order_set().
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
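The locking pattern the description refers to, shown as an added userspace model that is not the kernel's code or the upstream patch: a pthread mutex stands in for reader_lock, and the struct layout, helper names and iteration counts are assumptions made for illustration.

```c
/* Userspace model constructed for illustration; this is not kernel code. */
#include <pthread.h>
#include <stdlib.h>
struct page { unsigned order; struct page *next; };
struct cpu_buffer {
    pthread_mutex_t reader_lock; /* models the per-CPU reader_lock */
    struct page *pages;          /* models ring_buffer_per_cpu.pages */
    unsigned order;              /* sub-buffer order currently installed */
};
static struct page *alloc_list(unsigned order, int n) {
    struct page *head = NULL;
    while (n-- > 0) {
        struct page *p = malloc(sizeof(*p));
        if (!p) abort();
        p->order = order; p->next = head; head = p;
    }
    return head;
}
static void free_list(struct page *p) {
    while (p) { struct page *n = p->next; free(p); p = n; }
}
/* Resize path: swap under reader_lock; unlocked, a reader could walk freed pages. */
void subbuf_order_set(struct cpu_buffer *cb, unsigned order) {
    struct page *fresh = alloc_list(order, 4), *old; /* allocate unlocked */
    pthread_mutex_lock(&cb->reader_lock);
    old = cb->pages; cb->pages = fresh; cb->order = order;
    pthread_mutex_unlock(&cb->reader_lock);
    free_list(old); /* safe: readers only touch pages under the lock */
}
int read_pages(struct cpu_buffer *cb) { /* reader path: count order mismatches */
    int bad = 0;
    pthread_mutex_lock(&cb->reader_lock);
    for (struct page *p = cb->pages; p; p = p->next) bad += p->order != cb->order;
    pthread_mutex_unlock(&cb->reader_lock);
    return bad;
}
static void *resizer(void *arg) {
    for (unsigned i = 0; i < 20000; i++) subbuf_order_set(arg, i % 4);
    return NULL;
}
int run_model(void) { /* race a reader against the resizer; returns mismatches */
    struct cpu_buffer cb = { PTHREAD_MUTEX_INITIALIZER, alloc_list(0, 4), 0 };
    pthread_t t; int bad = 0;
    if (pthread_create(&t, NULL, resizer, &cb)) abort();
    for (int i = 0; i < 20000; i++) bad += read_pages(&cb);
    pthread_join(t, NULL); free_list(cb.pages);
    return bad;
}
int main(void) { return run_model() != 0; }
```

Build with `-pthread`; running the model under ThreadSanitizer (`-fsanitize=thread`) is a quick way to confirm the reader and resize paths never touch the page list without the lock.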
Exploit
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Linuxmint
Ubuntu