CVE-2024-50060

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring: check if we need to reschedule during overflow flush

In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously prevents syzbot from running a test case that generates a ton of overflow entries, and then flushing them can take quite a while.

Check for needing to reschedule while flushing, and drop our locks and do so if necessary. There's no state to maintain here as overflows always prune from head-of-list, hence it's fine to drop and reacquire the locks at the end of the loop.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < a2493904e95ce94bbec819d8f7f03b99976eb25caffected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034eaffected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0affected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < eac2ca2d682f94f46b1973bdf5e77d85d77b8e53affected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.57 <= 6.6.*unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References