CVE-2024-53052
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Summary
CVE-2024-53052: A vulnerability in the Linux kernel's io_uring component has been identified and addressed. The issue arises when io_uring starts a write operation, which unconditionally uses kiocb_start_write() to acquire the super block rwsem. This can lead to a deadlock, where a freezer task attempting to freeze the mount point is blocked, waiting for previous writes to complete. The previous writes, in turn, are unable to finish due to being blocked by the task trying to start a new write. To mitigate this issue, the io_uring side has been modified to honor IOCB_NOWAIT and only attempt a blocking grab of the super block rwsem if it isn't set. This change returns -EAGAIN, causing io_uring to issue a blocking attempt for the write, ensuring forward progress. This vulnerability can only be exploited by users with CAP_SYS_ADMIN privileges.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX