CVE-2024-26606: binder: signal epoll threads of self-work
First published: Mon Feb 26 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=2.6.29<4.19.307 | |
| Linux Linux kernel | >=4.20.0<5.4.269 | |
| Linux Linux kernel | >=5.5.0<5.10.210 | |
| Linux Linux kernel | >=5.11.0<5.15.149 | |
| Linux Linux kernel | >=5.16.0<6.1.79 | |
| Linux Linux kernel | >=6.2.0<6.6.18 | |
| Linux Linux kernel | >=6.7.0<6.7.6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61
- https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc
- https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769
- https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69
- https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7
- https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc
- https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68
- https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac
- https://launchpad.net/bugs/cve/CVE-2024-26606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26606
- https://nvd.nist.gov/vuln/detail/CVE-2024-26606
- https://security-tracker.debian.org/tracker/CVE-2024-26606
- https://ubuntu.com/security/CVE-2024-26606
- https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.29
- version/linux linux kernel/4.20.0
- version/linux linux kernel/5.5.0
- version/linux linux kernel/5.11.0
- version/linux linux kernel/5.16.0
- version/linux linux kernel/6.2.0
- version/linux linux kernel/6.7.0
- package-manager/debian