PT-2024-9789 · Linux+5 · Linux Kernel+5
Syzbot · Published 2024-05-16 · Updated 2025-03-27 · CVE-2024-38589
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The vulnerability is related to a possible deadlock in the nr_rt_ioctl() function. It occurs when nr_node_list_lock is acquired before nr_node_lock, leading to a circular locking dependency. This can cause a denial-of-service (DoS) condition. The issue is due to the incorrect ordering of lock acquisitions in the nr_rt_ioctl() function.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. This version includes the fix for the possible deadlock in the nr_rt_ioctl() function. Ensure that all affected systems are updated to this version or later to prevent potential exploitation of this vulnerability.
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu