SB20240620100 - Race condition within a thread in Linux kernel unix
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240620100
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2024-38596)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a
- https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe
- https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055
- https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5
- https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c
- https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb
- https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9
- https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b
- https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12