-

CVE-2024-38580

EPSS 0.03%
Veröffentlicht 19.06.2024 14:15:18
Zuletzt bearbeitet 21.11.2024 09:26:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

epoll: be better about file lifetimes

epoll can call out to vfs_poll() with a file pointer that may race with
the last 'fput()'. That would make f_count go down to zero, and while
the ep->mtx locking means that the resulting file pointer tear-down will
be blocked until the poll returns, it means that f_count is already
dead, and any use of it won't actually get a reference to the file any
more: it's dead regardless.

Make sure we have a valid ref on the file pointer before we call down to
vfs_poll() from the epoll routines.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 559214eb4e5c3d05e69428af2fae2691ba1eb784

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4f65f4defe4e23659275ce5153541cd4f76ce2d2

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 16e3182f6322575eb7c12e728ad3c7986a189d5d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4efaa5acf0a1d2b5947f98abb3acf8bfd966422b

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.15.*

Version 5.15.161

Status unaffected

Version <= 6.1.*

Version 6.1.93

Status unaffected

Version <= 6.6.*

Version 6.6.33

Status unaffected

Version <= 6.8.*

Version 6.8.12

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d

https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b

https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2

https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784

https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e

https://nvd.nist.gov/vuln/detail/CVE-2024-38580

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38580

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38580

EUVD