5.5

CVE-2024-26686

fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

In the Linux kernel, the following vulnerability has been resolved:

fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

lock_task_sighand() can trigger a hard lockup.  If NR_CPUS threads call
do_task_stat() at the same time and the process has NR_THREADS, it will
spin with irqs disabled O(NR_CPUS * NR_THREADS) time.

Change do_task_stat() to use sig->stats_lock to gather the statistics
outside of ->siglock protected section, in the likely case this code will
run lockless.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.1.82
LinuxLinux Kernel Version >= 6.2 < 6.7.6
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.114
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071
Patch
https://git.kernel.org/stable/c/3820b0fac7732a653bcc6f6ac20c1d72e697f8f6
Patch
https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305
Patch
https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d
Patch
https://git.kernel.org/stable/c/0c35d1914353799c54fa1843fe7dea6fcbcdbac5
https://git.kernel.org/stable/c/4fe85bdaabd63f8f8579b24a10ed597c9c482164
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html