PT-2024-9231 · Linux+9 · Linux Kernel+9

Dirk Behme +1 · Published 2024-06-04 · Updated 2025-02-03 · CVE-2024-39501

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is a race condition in the Linux kernel between the really_probe() and dev_uevent() functions. When the two functions run in different threads, really_probe() can set dev->driver to NULL after dev_uevent() has checked the pointer but before dev_uevent() accesses it, and that access can crash the system. The fix adds a lock to the non-protected path to prevent this race condition. Similar cases have been reported by syzkaller, but they are considered false positives because they relate to the initialization of dev->driver. The same issue was previously reported, with an attempted fix, in 2015.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Locking

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
BDU:2024-10919
CESA-2024_7000
CESA-2024_7001
CVE-2024-39501
DLA-4008-1
DSA-5730-1
DSA-5731-1
INFSA-2024_7000
INFSA-2024_7001
INFSA-2024_9315
OESA-2024-2076
OESA-2024-2079
OESA-2024-2182
OESA-2024-2183
OESA-2024-2218
OPENSUSE-SU-2024_2947-1
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024:9315
RHSA-2024_7000
RHSA-2024_7001
RHSA-2024_9315
RLSA-2024:7001
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6999-1
USN-6999-2
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7004-1
USN-7005-1
USN-7005-2
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu