What is CVE-2024-42300?

In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in z_erofs_get_gbuf() In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`. Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test: [772156.434168] kernel BUG at fs/erofs/zutil.c:58! .. [772156.435007] [772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2 [772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017 [772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs] [772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. [772156.445958] stress (3127): drop_caches: 1 [772156.446120] Call trace: [772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs] [772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] [772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs] [772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] [772156.447160] z_erofs_readahead+0x224/0x390 [erofs] ..

How severe is CVE-2024-42300?

This vulnerability has a severity rating of NONE with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-42300?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2024-42300 - NONE Severity | CVSS N/A

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in z_erofs_get_gbuf() In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`. Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test: <2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58! .. <4>[772156.435007] <4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2 <4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017 <4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. <6>[772156.445958] stress (3127): drop_caches: 1 <4>[772156.446120] Call trace: <4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] <4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs] <4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] <4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs] ..

Related Vulnerabilities

CVE-2016-8284

LOW

CVSS:1.8(Low)

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.

NVD-CWE-Other2016

CVE-2017-10122

LOW

CVSS:1.8(Low)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high p...

NVD-CWE-Other2017

CVE-2018-3270

LOW

CVSS:1.8(Low)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privi...

NVD-CWE-Other2018

CVE-2019-3008

LOW

CVSS:1.8(Low)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacke...

NVD-CWE-Other2019

CVE-2021-2147

LOW

CVSS:1.8(Low)

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high...

NVD-CWE-Other2021

CVE-2021-35618

LOW

CVSS:1.8(Low)

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high priv...

NVD-CWE-Other2021