CVE-2024-50060
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: check if we need to reschedule during overflow flush
In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously prevents syzbot from running a test case that generates a ton of overflow entries, and then flushing them can take quite a while.
Check for needing to reschedule while flushing, and drop our locks and do so if necessary. There's no state to maintain here as overflows always prune from head-of-list, hence it's fine to drop and reacquire the locks at the end of the loop.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < a2493904e95ce94bbec819d8f7f03b99976eb25c | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0 | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < eac2ca2d682f94f46b1973bdf5e77d85d77b8e53 | affected |
| Linux | Linux | 5.1 | affected |
| Linux | Linux | 0 < 5.1 | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.57 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.4 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c
- https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e
- https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0
- https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.