CVE-2024-27067

Summary

In the Linux kernel, the following vulnerability has been resolved:

xen/evtchn: avoid WARN() when unbinding an event channel

When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler.

Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3c8f5965a99397368d3762a9814a21a3e442e1a4 < 99e425032c6ec13584d3cd33846e0c7307501b47affected
LinuxLinux9e90e58c11b74c2bddac4b2702cf79d36b981278 < 35485dad6e28f9b17884764d4692b1655cb848d0affected
LinuxLinux9e90e58c11b74c2bddac4b2702cf79d36b981278 < 9e2d4b58c1da48a32905802aaeadba7084b46895affected
LinuxLinux9e90e58c11b74c2bddac4b2702cf79d36b981278 < 51c23bd691c0f1fb95b29731c356c6fd69925d17affected
LinuxLinux6.6.19 < 6.6.23affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References