PT-2024-6351 · Linux+7 · Linux Kernel+7
Petr Pavlu
·
Published
2024-05-21
·
Updated
2025-09-29
·
CVE-2024-38601
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue is related to a race condition between readers and resize checks in the ring buffer of the Linux kernel. The reader code in
rb get reader page() swaps a new reader page into the ring buffer, which can lead to a temporary inconsistency in the underlying doubly-linked list. The resize operation in ring buffer resize() can be invoked in parallel and calls rb check pages(), which can detect this inconsistency and stop further tracing. This can cause a denial of service.The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The
rb get reader page()function swaps a new reader page into the ring buffer by doing cmpxchg onold->list.prev->nextto point it to the new page. - The
ring buffer resize()function can be invoked in parallel and callsrb check pages(), which can detect the inconsistency and stop further tracing. - The
rb check pages()function checks the consistency of the ring buffer pages.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the
rb get reader page() function until a patch is available. Restrict access to the vulnerable ring buffer resize() function to minimize the risk of exploitation. Avoid using the rb check pages() function in the affected API endpoint until the issue is resolved.Exploit
Fix
Race Condition
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu