CVE-2024-56584 — Allocation of Resources Without Limits or Throttling in Linux
Severity
5.5MEDIUMNVD
OSV8.8
EPSS
0.0%
top 99.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 27
Latest updateMay 26
Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/tctx: work around xa_store() allocation error issue
syzbot triggered the following WARN_ON:
WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51
which is the
WARN_ON_ONCE(!xa_empty(&tctx->xa));
sanity check in __io_uring_free() when a io_uring_task is going through
its final put. The syzbot test case includes injecting memory allocation
failures, and it very much looks like x…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5linux/linux2b188cc1bb857a9d4701ae59aa7768b5124e262e — 94ad56f61b873ffeebcc620d451eacfbdf9d40f0+4
Patches
🔴Vulnerability Details
16OSV▶
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracl↗2025-04-23