CVE-2024-27419 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
https://lore.kernel.org/linux-cve-announce/2024051719-CVE-2024-27419-726a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27419
https://www.cve.org/CVERecord?id=CVE-2024-27419

History

Wed, 06 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 29 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362 CWE-820

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T12:01:27.871Z

Updated: 2024-11-05T09:21:53.305Z

Reserved: 2024-02-25T13:47:42.683Z

Link: CVE-2024-27419

Vulnrichment

Updated: 2024-08-02T00:34:52.300Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T12:15:13.763

Modified: 2024-11-05T10:16:33.767

Link: CVE-2024-27419

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-27419 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27419", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.683Z", "datePublished": "2024-05-17T12:01:27.871Z", "dateUpdated": "2024-11-05T09:21:53.305Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:21:53.305Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix data-races around sysctl_net_busy_read\n\nWe need to protect the reader reading the sysctl value because the\nvalue can be changed concurrently."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netrom/af_netrom.c", "net/netrom/nr_in.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "d623fd5298d9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f9055fa2b293", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bbf950a6e96a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0866afaff19d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "43464808669b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "34cab94f7473", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "16d71319e29d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d380ce70058a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netrom/af_netrom.c", "net/netrom/nr_in.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.310", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.272", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.213", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.152", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.82", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.22", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.10", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"}, {"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"}, {"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"}, {"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"}, {"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"}, {"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"}, {"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"}, {"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"}], "title": "netrom: Fix data-races around sysctl_net_busy_read", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T14:13:24.653763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:48.428Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.300Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.300Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T14:13:24.653763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.808Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netrom: Fix data-races around sysctl_net_busy_read", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "d623fd5298d9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f9055fa2b293", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bbf950a6e96a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0866afaff19d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "43464808669b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "34cab94f7473", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "16d71319e29d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d380ce70058a", "versionType": "git"}], "programFiles": ["net/netrom/af_netrom.c", "net/netrom/nr_in.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.12"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.12", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.310", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.272", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.213", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.152", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.82", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.22", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.10", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netrom/af_netrom.c", "net/netrom/nr_in.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"}, {"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"}, {"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"}, {"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"}, {"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"}, {"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"}, {"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"}, {"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix data-races around sysctl_net_busy_read\n\nWe need to protect the reader reading the sysctl value because the\nvalue can be changed concurrently."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:21:53.305Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27419", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:21:53.305Z", "dateReserved": "2024-02-25T13:47:42.683Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:01:27.871Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: netrom: Fix data-races around sysctl_net_busy_read", "id": "2281093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281093"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-820->CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetrom: Fix data-races around sysctl_net_busy_read\nWe need to protect the reader reading the sysctl value because the\nvalue can be changed concurrently.", "A flaw was found in the netrom module in the Linux kernel. A race condition can occur when reading the sysctl_net_busy_read resource due to a missing lock, which may impact system stability and can result in a denial of service."], "name": "CVE-2024-27419", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27419\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27419\nhttps://lore.kernel.org/linux-cve-announce/2024051719-CVE-2024-27419-726a@gregkh/T"], "statement": "The netrom module is not built in the kernel shipped in Red Hat Enterprise Linux 8 and 9, so it is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.310, kernel 5.4.272, kernel 5.10.213, kernel 5.15.152, kernel 6.1.82, kernel 6.6.22, kernel 6.7.10, kernel 6.8"}