CVE-2024-41005

CVE Details

Release Date:

2024-07-12

Description

In the Linux kernel, the following vulnerability has been resolved:\nnetpoll: Fix race condition in netpoll_owner_active\nKCSAN detected a race condition in netpoll:\nBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\nwrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\nnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\nread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\nnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\nnetpoll_send_udp (net/core/netpoll.c:?)\n\nvalue changed: 0x0000000a -> 0xffffffff\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi->poll_owner\nnon atomically. The ->poll_owner field contains the current CPU holding\nthe lock.\nUse an atomic read to check if the poll owner is the current CPU.

See more information about CVE-2024-41005 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.7	CVSS Vector:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	High
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel)	ELSA-2024-7000	2024-09-24
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12618	2024-09-12
Oracle Linux version 9 (kernel)	ELSA-2024-8617	2024-10-30
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12618	2024-09-12