CVE-2024-47746

Published: Oct 21, 2024Modified: Oct 22, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set This may be a typo. The comment has said shared locks are not allowed when this bit is set. If using shared lock, the wait in `fuse_file_cached_io_open` may be forever.

Affected (2)

Products: Linux: Linux Kernel

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.11 to 6.11.2
Linux Linux Kernel	From 6.9 to 6.10.13

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://git.kernel.org/stable/c/2f3d8ff457982f4055fe8f7bf19d3821ba22c376

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4e181761ffec67307157a7e8a78d58ee4130cf00

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fa4890bd8237e5a1e7428acd7328729db2703b23

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.