5.5

CVE-2024-35793

debugfs: fix wait/cancellation handling during remove

In the Linux kernel, the following vulnerability has been resolved:

debugfs: fix wait/cancellation handling during remove

Ben Greear further reports deadlocks during concurrent debugfs
remove while files are being accessed, even though the code in
question now uses debugfs cancellations. Turns out that despite
all the review on the locking, we missed completely that the
logic is wrong: if the refcount hits zero we can finish (and
need not wait for the completion), but if it doesn't we have
to trigger all the cancellations. As written, we can _never_
get into the loop triggering the cancellations. Fix this, and
explain it better while at it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.7.1 < 6.7.12
LinuxLinux Kernel Version >= 6.8 < 6.8.3
LinuxLinux Kernel Version6.7 Update-
LinuxLinux Kernel Version6.7 Updaterc4
LinuxLinux Kernel Version6.7 Updaterc5
LinuxLinux Kernel Version6.7 Updaterc6
LinuxLinux Kernel Version6.7 Updaterc7
LinuxLinux Kernel Version6.7 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.068
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/3d08cca5fd0aabb62b7015067ab40913b33da906
Patch
https://git.kernel.org/stable/c/952c3fce297f12c7ff59380adb66b564e2bc9b64
Patch
https://git.kernel.org/stable/c/e88b5ae01901c4a655a53158397746334778a57b
Patch