CVE-2024-42245

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 667

Summary

CVE-2024-42245 is a vulnerability affecting the Linux kernel. A previous commit, b0defa7ae03ecf91b8bfd10ede430cff12fcbd06, aimed to make it easier to detach tasks that were pinned and buried in long lists. However, this change introduced an O(n) iteration in detach_tasks(), making it easier to trigger hard lockups, particularly when the rq lock was held in softirq context. After discussion on the mailing list, it was determined that reverting the original patch was the best course of action, as the number of affected users seemed low and the potential for hard lockups was significant.
