CVE-2024-50294

Published: Nov 19, 2024Modified: Oct 1, 2025

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioritised over the connection and it will be removed from local->new_client_calls by rxrpc_disconnect_client_call() without a lock being held. This may cause other calls on the list to disappear if a race occurs. Fix this by taking the client_call_lock when removing a call from whatever list its ->wait_link happens to be on.

Affected (14)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.2.1 to 6.6.61
Linux Linux Kernel	From 6.7 to 6.11.8
Linux Linux Kernel	Version 6.12 rc1
Linux Linux Kernel	Version 6.12 rc2
Linux Linux Kernel	Version 6.12 rc3
Linux Linux Kernel	Version 6.12 rc4
Linux Linux Kernel	Version 6.12 rc5
Linux Linux Kernel	Version 6.12 rc6
Linux Linux Kernel	Version 6.2
Linux Linux Kernel	Version 6.2 rc4
Linux Linux Kernel	Version 6.2 rc5
Linux Linux Kernel	Version 6.2 rc6
Linux Linux Kernel	Version 6.2 rc7
Linux Linux Kernel	Version 6.2 rc8

Related CWEs

CWE-667

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://git.kernel.org/stable/c/996a7208dadbf2cdda8d51444d5ee1fdd1ccbc92

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b1fdb0bb3b6513f5bd26f92369fd6ac1a2422d8b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fc9de52de38f656399d2ce40f7349a6b5f86e787

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.