SB20240608141 - Race condition within a thread in Linux kernel netrom
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608141
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2024-27419)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
- https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
- https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
- https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
- https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
- https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
- https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
- https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.310
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.152
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.272
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8