Race condition within a thread in Linux kernel - CVE-2024-53160
Published: December 27, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU101926
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53160
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the krc_count(), schedule_delayed_monitor_work() and kvfree_call_rcu() functions in kernel/rcu/tree.c. A local user can corrupt data.
How to mitigate CVE-2024-53160
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/05b8ea1f16667f07c8e5843fb4bde3e49d49ead8
- https://git.kernel.org/stable/c/5ced426d97ce84299ecfcc7bd8b38f975fd11089
- https://git.kernel.org/stable/c/967a0e61910825d1fad009d836a6cb41f7402395
- https://git.kernel.org/stable/c/a23da88c6c80e41e0503e0b481a22c9eea63f263
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64