{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-43869", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.280Z", "datePublished": "2024-08-21T00:06:20.807Z", "dateUpdated": "2025-11-03T22:06:17.395Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:58:15.693Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n prepare_task_switch()\n=======> <NMI>\n perf_event_overflow()\n event->pending_sigtrap = ...\n irq_work_queue(&event->pending_irq)\n<======= </NMI>\n perf_event_task_sched_out()\n event_sched_out()\n event->pending_sigtrap = 0;\n atomic_long_inc_not_zero(&event->refcount)\n task_work_add(&event->pending_task)\n finish_lock_switch()\n=======> <IRQ>\n perf_pending_irq()\n //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n perf_event_exit_task()\n perf_event_exit_event()\n // If is child event\n free_event()\n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/perf_event.h", "kernel/events/core.c"], "versions": [{"version": "8bffa95ac19ff27c8261904f89d36c7fcf215d59", "lessThan": "9ad46f1fef421d43cdab3a7d1744b2f43b54dae0", "status": "affected", "versionType": "git"}, {"version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "ed2c202dac55423a52d7e2290f2888bf08b8ee99", "status": "affected", "versionType": "git"}, {"version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "104e258a004037bc7dba9f6085c71dad6af57ad4", "status": "affected", "versionType": "git"}, {"version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "f34d8307a73a18de5320fcc6f40403146d061891", "status": "affected", "versionType": "git"}, {"version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "3a5465418f5fd970e86a86c7f4075be262682840", "status": "affected", "versionType": "git"}, {"version": "78e1317a174edbfd1182599bf76c092a2877672c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/perf_event.h", "kernel/events/core.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.84", "versionEndExcluding": "5.15.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0"}, {"url": "https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99"}, {"url": "https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4"}, {"url": "https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891"}, {"url": "https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840"}], "title": "perf: Fix event leak upon exec and file release", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:26.274126Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:18.868Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:06:17.395Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:26.274126Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.719Z"}}], "cna": {"title": "perf: Fix event leak upon exec and file release", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8bffa95ac19ff27c8261904f89d36c7fcf215d59", "lessThan": "9ad46f1fef421d43cdab3a7d1744b2f43b54dae0", "versionType": "git"}, {"status": "affected", "version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "ed2c202dac55423a52d7e2290f2888bf08b8ee99", "versionType": "git"}, {"status": "affected", "version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "104e258a004037bc7dba9f6085c71dad6af57ad4", "versionType": "git"}, {"status": "affected", "version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "f34d8307a73a18de5320fcc6f40403146d061891", "versionType": "git"}, {"status": "affected", "version": "517e6a301f34613bff24a8e35b5455884f2d83d8", "lessThan": "3a5465418f5fd970e86a86c7f4075be262682840", "versionType": "git"}, {"status": "affected", "version": "78e1317a174edbfd1182599bf76c092a2877672c", "versionType": "git"}], "programFiles": ["include/linux/perf_event.h", "kernel/events/core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/perf_event.h", "kernel/events/core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0"}, {"url": "https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99"}, {"url": "https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4"}, {"url": "https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891"}, {"url": "https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n prepare_task_switch()\n=======> <NMI>\n perf_event_overflow()\n event->pending_sigtrap = ...\n irq_work_queue(&event->pending_irq)\n<======= </NMI>\n perf_event_task_sched_out()\n event_sched_out()\n event->pending_sigtrap = 0;\n atomic_long_inc_not_zero(&event->refcount)\n task_work_add(&event->pending_task)\n finish_lock_switch()\n=======> <IRQ>\n perf_pending_irq()\n //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n perf_event_exit_task()\n perf_event_exit_event()\n // If is child event\n free_event()\n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.15.84"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.103", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.0.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:58:15.693Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43869", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:58:15.693Z", "dateReserved": "2024-08-17T09:11:59.280Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T00:06:20.807Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CDA21AC-1B7F-43BB-A5AB-DE250F0087FD", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.15.84", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B5BAA1B-569A-4E0A-A908-169F763D7822", "versionEndExcluding": "6.1", "versionStartIncluding": "6.0.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E81DCA61-01CC-46C8-A0B4-9B1E202ED898", "versionEndExcluding": "6.1.103", "versionStartIncluding": "6.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "21718AA4-4056-40F2-968E-BDAA465A7872", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n prepare_task_switch()\n=======> <NMI>\n perf_event_overflow()\n event->pending_sigtrap = ...\n irq_work_queue(&event->pending_irq)\n<======= </NMI>\n perf_event_task_sched_out()\n event_sched_out()\n event->pending_sigtrap = 0;\n atomic_long_inc_not_zero(&event->refcount)\n task_work_add(&event->pending_task)\n finish_lock_switch()\n=======> <IRQ>\n perf_pending_irq()\n //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n perf_event_exit_task()\n perf_event_exit_event()\n // If is child event\n free_event()\n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: perf: corrige la fuga de eventos al liberar el archivo y el ejecutable. El trabajo de la tarea pendiente de rendimiento nunca se espera hasta que se libere el evento correspondiente. En el caso de un evento secundario, publicado directamente a trav\u00e9s de free_event(), esto puede potencialmente resultar en un evento filtrado, como en el siguiente escenario que ni siquiera requiere una implementaci\u00f3n de trabajo IRQ d\u00e9bil para activarse: Schedule() prepare_task_switch() =======&gt; perf_event_overflow() evento-&gt;pending_sigtrap = ... irq_work_queue(&amp;event-&gt;pending_irq) &lt;======= perf_event_task_sched_out() event_sched_out() evento-&gt; pendiente_sigtrap = 0; atomic_long_inc_not_zero(&amp;event-&gt;refcount) task_work_add(&amp;event-&gt;pending_task) Finish_lock_switch() =======&gt; perf_pending_irq() //no hacer nada, confiar en el trabajo de la tarea pendiente &lt;======= &lt; /IRQ&gt; comenzar_new_exec() perf_event_exit_task() perf_event_exit_event() // Si es un evento secundario free_event() WARN(atomic_long_cmpxchg(&amp;event-&gt;refcount, 1, 0) != 1) // el evento se filtr\u00f3 Tambi\u00e9n pueden ocurrir escenarios similares con perf_event_remove_on_exec () o simplemente contra perf_event_release() concurrente. Solucione este problema sincronizando con el trabajo de tarea pendiente posiblemente restante mientras se libera el evento, tal como se hace con el trabajo de IRQ pendiente restante. Esto significa que la devoluci\u00f3n de llamada de la tarea pendiente no necesita ni debe contener una referencia al evento, lo que impide que se libere."}], "id": "CVE-2024-43869", "lastModified": "2025-11-03T22:18:14.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-21T01:15:11.550", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: perf: Fix event leak upon exec and file release", "id": "2306363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306363"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "verified"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix event leak upon exec and file release\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\nschedule()\nprepare_task_switch()\n=======> <NMI>\nperf_event_overflow()\nevent->pending_sigtrap = ...\nirq_work_queue(&event->pending_irq)\n<======= </NMI>\nperf_event_task_sched_out()\nevent_sched_out()\nevent->pending_sigtrap = 0;\natomic_long_inc_not_zero(&event->refcount)\ntask_work_add(&event->pending_task)\nfinish_lock_switch()\n=======> <IRQ>\nperf_pending_irq()\n//do nothing, rely on pending task work\n<======= </IRQ>\nbegin_new_exec()\nperf_event_exit_task()\nperf_event_exit_event()\n// If is child event\nfree_event()\nWARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n// event is leaked\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed."], "name": "CVE-2024-43869", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43869\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43869\nhttps://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T"], "threat_severity": "Moderate"}

{}