| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 May 2024 14:02:25 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-27425: netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay Description =========== In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay We need to protect the reader reading the sysctl value because the value can be changed concurrently. The Linux kernel CVE team has assigned CVE-2024-27425 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 4.19.310 with commit 6133a71c75da Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.4.272 with commit 80578681ea27 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.10.213 with commit 34c84e0036a6 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.15.152 with commit 33081e0f3489 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.1.82 with commit 5deaef2bf564 Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.6.22 with commit 7d56ffc51ebd Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.7.10 with commit a22f9194f61a Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.8 with commit 806f462ba902 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-27425 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/netrom/af_netrom.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6133a71c75dacea12fcc85838b4455c2055b0f14 https://git.kernel.org/stable/c/80578681ea274e0a6512bb7515718c206a7b74cf https://git.kernel.org/stable/c/34c84e0036a60e7e50ae50b42ed194d8daef8cc9 https://git.kernel.org/stable/c/33081e0f34899d5325e7c45683dd8dc9cb18b583 https://git.kernel.org/stable/c/5deaef2bf56456c71b841e0dfde1bee2fd88c4eb https://git.kernel.org/stable/c/7d56ffc51ebd2777ded8dca50d631ee19d97db5c https://git.kernel.org/stable/c/a22f9194f61ad4f2b6405c7c86bee85eac1befa5 https://git.kernel.org/stable/c/806f462ba9029d41aadf8ec93f2f99c5305deada
Powered by blists - more mailing lists