CVE-2024-42250

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefiles_req accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651	Patch
https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07	Patch
https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7	Patch
https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

Information

Published : 2024-08-07 16:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-42250

Mitre link : CVE-2024-42250

CVE.ORG link : CVE-2024-42250

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-42250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-07T16:15:47.567", "references": [{"url": "https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: archivos de cach\u00e9: agregue protecci\u00f3n de bloqueo faltante al sondear. Agregue protecci\u00f3n de bloqueo faltante en la rutina de sondeo al iterar xarray; de lo contrario: incluso con el bloqueo de lectura de RCU mantenido, solo se garantiza que la ranura del \u00e1rbol de base ser anclado all\u00ed, mientras que la estructura de datos (por ejemplo, struct cachefiles_req) almacenada en la ranura no tiene tal garant\u00eda. La rutina de sondeo iterar\u00e1 el \u00e1rbol de base y eliminar\u00e1 la referencia a cachefiles_req en consecuencia. Por lo tanto, el bloqueo de lectura de la RCU no es adecuado en este caso y aqu\u00ed se necesita el bloqueo de giro."}], "lastModified": "2025-11-03T22:17:50.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FAC1A24-181A-4DB7-801D-4BDF1B4E4116", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}