PT-2024-7839 · Linux+4 · Linux Kernel+4

Published

2024-04-12

·

Updated

2025-02-03

·

CVE-2024-27009

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A race condition exists in the ccw device set online() function that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV. The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated. This issue can be fixed by ensuring that the CCW-device lock is held between determining final state and checking result state. Since commit 2297791c92d0, path verification requests are more likely to occur during boot, resulting in an increased chance of this race condition occurring.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2024-09339
CVE-2024-27009
DSA-5680-1
MGASA-2024-0263
MGASA-2024-0266
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu