SB20240608187 - Race condition in Linux kernel mm
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608187
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2024-26960)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d
- https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e
- https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a
- https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a
- https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39
- https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b
- https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3