Infinite loop in Linux kernel - CVE-2024-38601

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

How to mitigate CVE-2024-38601

Sources

• https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e
• https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a
• https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b
• https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb
• https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e
• https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533
• https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1
• https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87
• https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12