PT-2024-34099 · Linux+7 · Linux Kernel+7
Roman Gushchin · Published 2024-11-04 · Updated 2026-05-26 · CVE-2024-50271
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue concerns a behavior change in the Linux kernel related to signal handling, specifically with the override_rlimit logic. Prior to a certain commit, the UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However, after the change, this limit is enforced unconditionally, even when override_rlimit is set. This change caused production issues, including problems with signal delivery and error handling in applications. For instance, when the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate necessary resources, preventing the signal from being delivered with siginfo. This leads to unpredictable behavior and crashes, as observed with Java applications.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Allocation of Resources Without Limits
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu