CVE-2024-41033
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachestat: do not flush stats in recency check
syzbot detects that cachestat() is flushing stats, which can sleep, in its RCU read section (see 1). This is done in the workingset_test_recent() step (which checks if the folio's eviction is recent).
Move the stat flushing step to before the RCU read section of cachestat, and skip stat flushing during the recency check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 68849411ce9eb55d00cef48504dcb35baca4b37e < e2f7c76758be16f1dc32c5a82270d4f6649eedab | affected |
| Linux | Linux | b006847222623ac3cda8589d15379eac86a2bcb7 < 1d1ba14e00d290b1ed616ed78c8c49bf897ce390 | affected |
| Linux | Linux | b006847222623ac3cda8589d15379eac86a2bcb7 < 5a4d8944d6b1e1aaaa83ea42c116b520b4ed0394 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.9.10 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/1d1ba14e00d290b1ed616ed78c8c49bf897ce390
- https://git.kernel.org/stable/c/5a4d8944d6b1e1aaaa83ea42c116b520b4ed0394
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/e2f7c76758be16f1dc32c5a82270d4f6649eedab
- https://git.kernel.org/stable/c/1d1ba14e00d290b1ed616ed78c8c49bf897ce390
- https://git.kernel.org/stable/c/5a4d8944d6b1e1aaaa83ea42c116b520b4ed0394
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.