#VU91429 Race condition within a thread in Linux kernel - CVE-2024-27419

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Remediation

External links

• https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
• https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
• https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
• https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
• https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
• https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
• https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
• https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.310
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.152
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.272
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.22
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8