CVE-2024-53052

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 667

Summary

CVE-2024-53052: A vulnerability in the Linux kernel's io_uring component has been identified and addressed. The issue arises when io_uring starts a write operation, which unconditionally uses kiocb_start_write() to acquire the super block rwsem. This can lead to a deadlock, where a freezer task attempting to freeze the mount point is blocked, waiting for previous writes to complete. The previous writes, in turn, are unable to finish due to being blocked by the task trying to start a new write. To mitigate this issue, the io_uring side has been modified to honor IOCB_NOWAIT and only attempt a blocking grab of the super block rwsem if it isn't set. This change returns -EAGAIN, causing io_uring to issue a blocking attempt for the write, ensuring forward progress. This vulnerability can only be exploited by users with CAP_SYS_ADMIN privileges.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share