{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47668", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.936Z", "datePublished": "2024-10-09T14:14:00.189Z", "dateUpdated": "2024-11-05T09:48:25.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:25.933Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/generic-radix-tree.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "0f27f4f44539", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "99418ec776a3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ad5ee9feebc2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ebeff038744c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d942e855324a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0f078f8ca93b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b2f11c6f3e1f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/generic-radix-tree.c"], "versions": [{"version": "5.4.284", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"}, {"url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"}, {"url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"}, {"url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"}, {"url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"}, {"url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"}, {"url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"}], "title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T13:21:11.227741Z", "id": "CVE-2024-47668", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:21:24.795Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "0f27f4f44539", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "99418ec776a3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ad5ee9feebc2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ebeff038744c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d942e855324a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0f078f8ca93b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b2f11c6f3e1f", "versionType": "git"}], "programFiles": ["lib/generic-radix-tree.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.284", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.226", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.167", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.110", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.51", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["lib/generic-radix-tree.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"}, {"url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"}, {"url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"}, {"url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"}, {"url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"}, {"url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"}, {"url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-10-09T14:14:00.189Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T13:21:11.227741Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-10T13:21:15.128Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-47668", "state": "PUBLISHED", "dateUpdated": "2024-10-09T14:14:00.189Z", "dateReserved": "2024-09-30T16:00:12.936Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-09T14:14:00.189Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1C17E9C-479F-4AE4-8344-B7A213DE3E83", "versionEndExcluding": "5.4.284", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97", "versionEndExcluding": "5.10.226", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib/generic-radix-tree.c: Se corrige una ejecuci\u00f3n poco frecuente en __genradix_ptr_alloc() Si necesitamos aumentar la profundidad del \u00e1rbol, asignar un nuevo nodo y luego competir con otro hilo que aument\u00f3 la profundidad del \u00e1rbol antes que nosotros, a\u00fan tendremos un nodo preasignado que podr\u00eda usarse m\u00e1s adelante. Si luego usamos ese nodo para un nuevo nodo que no sea ra\u00edz, a\u00fan tendr\u00e1 un puntero a la ra\u00edz anterior en lugar de estar a cero: solucione esto poni\u00e9ndolo a cero en la ruta de falla cmpxchg."}], "id": "CVE-2024-47668", "lastModified": "2024-10-23T15:30:00.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-09T15:15:15.513", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8870", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8856", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.27.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}], "bugzilla": {"description": "kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()", "id": "2317601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317601"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."], "name": "CVE-2024-47668", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47668\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47668\nhttps://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T"], "threat_severity": "Moderate"}