CVE-2024-47668

Summary

In the Linux kernel, the following vulnerability has been resolved:

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later.

If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < 0f27f4f445390cb7f73d4209cb2bf32834dc53daaffected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < 99418ec776a39609f50934720419e0b464ca2283affected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169affected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < ebeff038744c498a036e7a92eb8e433ae0a386d7affected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < d942e855324a60107025c116245095632476613eaffected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0faffected
LinuxLinuxba20ba2e3743bac786dff777954c11930256075e < b2f11c6f3e1fc60742673b8675c95b78447f3daeaffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.4.284 <= 5.4.*unaffected
LinuxLinux5.10.226 <= 5.10.*unaffected
LinuxLinux5.15.167 <= 5.15.*unaffected
LinuxLinux6.1.110 <= 6.1.*unaffected
LinuxLinux6.6.51 <= 6.6.*unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References