4.7

CVE-2024-27419

netrom: Fix data-races around sysctl_net_busy_read

In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix data-races around sysctl_net_busy_read

We need to protect the reader reading the sysctl value because the
value can be changed concurrently.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.13 < 4.19.310
LinuxLinux Kernel Version >= 4.20 < 5.4.272
LinuxLinux Kernel Version >= 5.5 < 5.10.213
LinuxLinux Kernel Version >= 5.11 < 5.15.152
LinuxLinux Kernel Version >= 5.16 < 6.1.82
LinuxLinux Kernel Version >= 6.2 < 6.6.22
LinuxLinux Kernel Version >= 6.7 < 6.7.10
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
LinuxLinux Kernel Version6.8 Updaterc6
LinuxLinux Kernel Version6.8 Updaterc7
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.089
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
Patch
https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
Patch
https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
Patch
https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
Patch
https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
Patch
https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
Patch
https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
Patch
https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html