Lucene search

Ubuntu.comUB:CVE-2024-38384

HistoryJun 24, 2024 - 12:00 a.m.

CVE-2024-38384

2024-06-2400:00:00

ubuntu.com

linux kernel

vulnerability

blk-cgroup

list corruption

write

flush

barrier

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
__blkcg_rstat_flush() can be run anytime, especially when
blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is
re-ordered with READ of ‘bisc->lnode.next’ in the loop of
__blkcg_rstat_flush(), next_bisc can be assigned with one stat instance
being added in blk_cgroup_bio_start(), then the local list in
__blkcg_rstat_flush() could be corrupted. Fix the issue by adding one
barrier.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-gcp< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< any	UNKNOWN

Rows per page:

1-10 of 331

References

git.kernel.org/linus/d0aac2363549e12cc79b8e285f13d5a9f42fd08e (6.10-rc1)

git.kernel.org/stable/c/714e59b5456e4d6e4295a9968c564abe193f461c

git.kernel.org/stable/c/785298ab6b802afa75089239266b6bbea590809c

git.kernel.org/stable/c/d0aac2363549e12cc79b8e285f13d5a9f42fd08e

launchpad.net/bugs/cve/CVE-2024-38384

nvd.nist.gov/vuln/detail/CVE-2024-38384

security-tracker.debian.org/tracker/CVE-2024-38384

www.cve.org/CVERecord?id=CVE-2024-38384

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for UB:CVE-2024-38384