SB2024080785 - Improper locking in Linux kernel cachefiles
Published: August 7, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024080785
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-42250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_daemon_poll() function in fs/cachefiles/daemon.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7
- https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651
- https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07
- https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41