CVE-2024-50210Improper Locking in Linux

CWE-667Improper Locking17 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedNov 8
Latest updateApr 24

Description

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.10.2285.11+5
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 6.8.0-58.60
CVEListV5linux/linux29f085345cde24566efb751f39e5d367c381c584d005400262ddaf1ca1666bbcd1acf42fe81d57ce+12
debiandebian/linux< linux 6.1.115-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-hwe-6.8 vulnerabilities2025-04-24
OSV
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracl2025-04-23
OSV
linux-realtime vulnerabilities2025-04-23
OSV
linux-gcp-6.8 vulnerabilities2025-04-23
OSV
linux-aws-6.8 vulnerabilities2025-04-23

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2025-04-24
Ubuntu
Linux kernel (Real-time) vulnerabilities2025-04-23
Ubuntu
Linux kernel vulnerabilities2025-04-23
Ubuntu
Linux kernel vulnerabilities2025-04-23
Ubuntu
Linux kernel vulnerabilities2025-04-23