| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 May 2024 14:02:20 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-27420: netrom: Fix a data-race around sysctl_netrom_link_fails_count Description =========== In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a data-race around sysctl_netrom_link_fails_count We need to protect the reader reading the sysctl value because the value can be changed concurrently. The Linux kernel CVE team has assigned CVE-2024-27420 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 4.19.310 with commit 97a4d8b9f67c Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.4.272 with commit 07bbccd1adb5 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.10.213 with commit cfe0f73fb38a Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.15.152 with commit c558e54f7712 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.1.82 with commit cfedde3058bf Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.6.22 with commit db364859ce68 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.7.10 with commit 0b8eb369c182 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.8 with commit bc76645ebdd0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-27420 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/netrom/nr_route.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/97a4d8b9f67cc7efe9a0c137e12f6d9e40795bf1 https://git.kernel.org/stable/c/07bbccd1adb56b39eef982b8960d59e3c005c6a1 https://git.kernel.org/stable/c/cfe0f73fb38a01bce86fe15ef5f750f850f7d3fe https://git.kernel.org/stable/c/c558e54f7712b086fbcb611723272a0a4b0d451c https://git.kernel.org/stable/c/cfedde3058bf976f2f292c0a236edd43afcdab57 https://git.kernel.org/stable/c/db364859ce68fb3a52d42cd87a54da3dc42dc1c8 https://git.kernel.org/stable/c/0b8eb369c182814d817b9449bc9e86bfae4310f9 https://git.kernel.org/stable/c/bc76645ebdd01be9b9994dac39685a3d0f6f7985
Powered by blists - more mailing lists