CVE-2024-42250
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-42250 is a vulnerability in the Linux kernel's 'cachefiles' subsystem, where lock protection was missing in the poll routine. When the routine iterates through the 'xarray', the data structure stored in each slot ('struct cachefiles_req') is not guaranteed to be pinned. The poll routine nevertheless dereferences this structure without protection, which creates a potential race condition. The fix is to hold a spinlock during the iteration so that access is properly synchronized and unintended data access is prevented.
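The locking pattern described in the summary, as an added userspace model rather than kernel code or the upstream patch: a pthread mutex stands in for the spinlock, a plain array for the xarray slots, and every name (`replace_slot`, `poll_pending`, `run_demo`) is hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>
#define NSLOTS 32
#define ROUNDS 20000
struct req { int pending; };      /* stand-in for struct cachefiles_req */
static struct req *slots[NSLOTS]; /* stand-in for the xarray slots */
static pthread_mutex_t slots_lock = PTHREAD_MUTEX_INITIALIZER; /* plays the spinlock */

/* Completion side: install a new request and free the old one under the lock. */
static void replace_slot(int i)
{
    struct req *fresh = malloc(sizeof(*fresh));
    if (!fresh) abort();
    fresh->pending = 1;
    pthread_mutex_lock(&slots_lock);
    free(slots[i]);               /* free(NULL) is a no-op on first fill */
    slots[i] = fresh;
    pthread_mutex_unlock(&slots_lock);
}

/* Poll side: the lock pins each entry; without it slots[i] could be freed before ->pending is read. */
static int poll_pending(void)
{
    int n = 0;
    pthread_mutex_lock(&slots_lock);
    for (int i = 0; i < NSLOTS; i++)
        n += (slots[i] && slots[i]->pending);
    pthread_mutex_unlock(&slots_lock);
    return n;
}

static void *churn(void *arg)
{
    (void)arg;
    for (int r = 0; r < ROUNDS; r++) replace_slot(r % NSLOTS);
    return NULL;
}

/* Polls while a second thread churns the slots; returns how many polls saw an inconsistent table. */
int run_demo(void)
{
    pthread_t t;
    int bad = 0;
    for (int i = 0; i < NSLOTS; i++) replace_slot(i);
    if (pthread_create(&t, NULL, churn, NULL)) return -1;
    for (int r = 0; r < ROUNDS; r++) bad += (poll_pending() != NSLOTS);
    pthread_join(t, NULL);
    return bad;
}
int main(void) { return run_demo() != 0; }
```

Removing the lock and unlock calls from `poll_pending` reproduces the unprotected dereference in this model; building with `-fsanitize=thread` or `-fsanitize=address` then flags the access.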
Affected Products
- Linux Kernel
Affected Vendors
- LINUX