Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying the mentioned data while a reader also operates on them can then result in incorrect memory access and various crashes. Fix the problem by taking the reader_lock when updating a specific ring_buffer_per_cpu in ring_buffer_subbuf_order_set().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.8, < 6.11.6 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/09661f75e75cb6c1d2d8326a70c311d46729235fPatch
- https://git.kernel.org/stable/c/a569290525a05162d5dd26d9845591eaf46e5802Patch
FAQ
What is CVE-2024-50207?
CVE-2024-50207 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_b...
How severe is CVE-2024-50207?
CVE-2024-50207 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50207?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.