CVE-2024-43892Race Condition in Linux

CWE-362Race Condition49 documents7 sources
Severity
4.7MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV5.5
EPSS
0.0%
top 98.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedAug 26
Latest updateApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callba

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages10 packages

NVDlinux/linux_kernel4.76.6.46+2
Debianlinux/linux_kernel< 5.10.226-1+3
Ubuntulinux/linux_kernel< 5.4.0-204.224+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

24
OSV
linux-iot vulnerabilities2025-04-03
OSV
linux-lts-xenial vulnerabilities2025-03-13
OSV
linux-azure, linux-azure-4.15 vulnerabilities2025-03-13
OSV
linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle vulnerabilities2025-03-11
OSV
linux-kvm vulnerabilities2025-03-11

📋Vendor Advisories

24
Ubuntu
Linux kernel (IoT) vulnerabilities2025-04-03
Ubuntu
Linux kernel vulnerabilities2025-03-13
Ubuntu
Linux kernel vulnerabilities2025-03-13
Ubuntu
Linux kernel vulnerabilities2025-03-11
Ubuntu
Linux kernel vulnerabilities2025-03-11