Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Reservation of the PMU hardware is done at first event creation and is protected by a pair of mutex_lock() and mutex_unlock(). After reservation of the PMU hardware the memory required for the PMUs the event is to be installed on is allocated by allocate_buffers() and alloc_sampling_buffer(). This done outside of the mutex protection. Without mutex protection two or more concurrent invocations of perf_event_init() may run in parallel. This can lead to allocation of Sample Data Blocks (SDBs) multiple times for the same PMU. Prevent this and protect memory allocation of SDBs by mutex.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.12, < 6.12.2 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/4b3bdfa89635db6a53e02955548bd07bebcae233Patch
- https://git.kernel.org/stable/c/f55bd479d8663a4a4e403b3d308d3d1aa33d92dfPatch
FAQ
What is CVE-2024-56706?
CVE-2024-56706 is a vulnerability with a CVSS score of 6.3 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Reservation of the PMU hardware is done at first event creation...
How severe is CVE-2024-56706?
CVE-2024-56706 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56706?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.