5.5
CVE-2024-35793
- EPSS 0.03%
- Veröffentlicht 17.05.2024 13:15:59
- Zuletzt bearbeitet 26.09.2025 16:20:35
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns out that despite all the review on the locking, we missed completely that the logic is wrong: if the refcount hits zero we can finish (and need not wait for the completion), but if it doesn't we have to trigger all the cancellations. As written, we can _never_ get into the loop triggering the cancellations. Fix this, and explain it better while at it.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.7.1 < 6.7.12
Linux ≫ Linux Kernel Version >= 6.8 < 6.8.3
Linux ≫ Linux Kernel Version6.7 Update-
Linux ≫ Linux Kernel Version6.7 Updaterc4
Linux ≫ Linux Kernel Version6.7 Updaterc5
Linux ≫ Linux Kernel Version6.7 Updaterc6
Linux ≫ Linux Kernel Version6.7 Updaterc7
Linux ≫ Linux Kernel Version6.7 Updaterc8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.055 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.