Description

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefiles_req accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.

INFO

Published Date :

2024-08-07T15:14:33.997Z

Last Modified :

2025-11-03T22:02:51.030Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42250 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42250.

URL Resource
https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651 cve-icon cve-icon
https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07 cve-icon cve-icon
https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7 cve-icon cve-icon
https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024080743-CVE-2024-42250-9580@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-42250 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-42250 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact