nbd: fix race between timeout and normal completion
CVE-2024-49855

7HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
21 October 2024

What is CVE-2024-49855?

A vulnerability exists in the Linux kernel related to the Network Block Device (NBD) functionality. This issue arises from a race condition occurring during command processing, where a request timeout could lead to an improper handling of the command state, potentially allowing for a use-after-free condition. The vulnerability is addressed by modifying the nbd_requeue_cmd() function to ensure that when a command is requeued due to a timeout, the command's in-flight status is cleared properly. This fix requires that the command lock is correctly acquired during this operation, effectively preventing further complications during the requeuing process and enhancing overall system stability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 2895f1831e911ca87d4efdf43e35eb72a0c7e66e < 9c25faf72d780a9c71081710cd48759d61ff6e9b

Linux 2895f1831e911ca87d4efdf43e35eb72a0c7e66e < 6e73b946a379a1dfbb62626af93843bdfb53753d

Linux 2895f1831e911ca87d4efdf43e35eb72a0c7e66e < 5236ada8ebbd9e7461f17477357582f5be4f46f7

References

https://git.kernel.org/stable/c/9c25faf72d780a9c71081710c...
https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af...
https://git.kernel.org/stable/c/5236ada8ebbd9e7461f174773...

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.