{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42250", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.256Z", "datePublished": "2024-08-07T15:14:33.997Z", "dateUpdated": "2024-09-11T17:34:30.655Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:33.997Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/daemon.c"], "versions": [{"version": "0e19a18f998d", "lessThan": "97cfd5e20ddc", "status": "affected", "versionType": "git"}, {"version": "189438643427", "lessThan": "6bb6bd3dd6f3", "status": "affected", "versionType": "git"}, {"version": "b817e22b2e91", "lessThan": "8eadcab7f3dd", "status": "affected", "versionType": "git"}, {"version": "b817e22b2e91", "lessThan": "cf5bb09e742a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/daemon.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7"}, {"url": "https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651"}, {"url": "https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07"}, {"url": "https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014"}], "title": "cachefiles: add missing lock protection when polling", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:13:18.948935Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:30.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:13:18.948935Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.105Z"}}], "cna": {"title": "cachefiles: add missing lock protection when polling", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0e19a18f998d", "lessThan": "97cfd5e20ddc", "versionType": "git"}, {"status": "affected", "version": "189438643427", "lessThan": "6bb6bd3dd6f3", "versionType": "git"}, {"status": "affected", "version": "b817e22b2e91", "lessThan": "8eadcab7f3dd", "versionType": "git"}, {"status": "affected", "version": "b817e22b2e91", "lessThan": "cf5bb09e742a", "versionType": "git"}], "programFiles": ["fs/cachefiles/daemon.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "custom"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/cachefiles/daemon.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7"}, {"url": "https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651"}, {"url": "https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07"}, {"url": "https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:33.997Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42250", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:30.655Z", "dateReserved": "2024-07-30T07:40:12.256Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-07T15:14:33.997Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC1A24-181A-4DB7-801D-4BDF1B4E4116", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: archivos de cach\u00e9: agregue protecci\u00f3n de bloqueo faltante al sondear. Agregue protecci\u00f3n de bloqueo faltante en la rutina de sondeo al iterar xarray; de lo contrario: incluso con el bloqueo de lectura de RCU mantenido, solo se garantiza que la ranura del \u00e1rbol de base ser anclado all\u00ed, mientras que la estructura de datos (por ejemplo, struct cachefiles_req) almacenada en la ranura no tiene tal garant\u00eda. La rutina de sondeo iterar\u00e1 el \u00e1rbol de base y eliminar\u00e1 la referencia a cachefiles_req en consecuencia. Por lo tanto, el bloqueo de lectura de la RCU no es adecuado en este caso y aqu\u00ed se necesita el bloqueo de giro."}], "id": "CVE-2024-42250", "lastModified": "2024-08-08T20:55:19.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-07T16:15:47.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cachefiles: add missing lock protection when polling", "id": "2303518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303518"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncachefiles: add missing lock protection when polling\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here.", "A flaw was found in the cachefiles module in the Linux kernel. An improper locking protection in the cachefiles_daemon_poll function in the fs/cachefiles/daemon.c file can result in a race condition."], "name": "CVE-2024-42250", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42250\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42250\nhttps://lore.kernel.org/linux-cve-announce/2024080743-CVE-2024-42250-9580@gregkh/T"], "statement": "The kernel, as shipped in Red Hat Enterprise Linux 8 and 9, is not affected by this vulnerability because the vulnerable code is not present.", "threat_severity": "Moderate"}