CVE-2024-38601: ring-buffer: Fix a race between readers and resize checks
First published: Wed Jun 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The Linux kernel CVE team has assigned <a href="https://access.redhat.com/security/cve/CVE-2024-38601">CVE-2024-38601</a> to this issue. Upstream advisory: <a href="https://lore.kernel.org/linux-cve-announce/2024061923-CVE-2024-38601-dc52@gregkh/T">https://lore.kernel.org/linux-cve-announce/2024061923-CVE-2024-38601-dc52@gregkh/T</a>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.316 | 4.19.316 |
| redhat/kernel | <5.4.278 | 5.4.278 |
| redhat/kernel | <5.10.219 | 5.10.219 |
| redhat/kernel | <5.15.161 | 5.15.161 |
| redhat/kernel | <6.1.93 | 6.1.93 |
| redhat/kernel | <6.6.33 | 6.6.33 |
| redhat/kernel | <6.8.12 | 6.8.12 |
| redhat/kernel | <6.9.3 | 6.9.3 |
| redhat/kernel | <6.10 | 6.10 |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b
- https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e
- https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb
- https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1
- https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87
- https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533
- https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e
- https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa
- https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a
- https://launchpad.net/bugs/cve/CVE-2024-38601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38601
- https://nvd.nist.gov/vuln/detail/CVE-2024-38601
- https://security-tracker.debian.org/tracker/CVE-2024-38601
- https://ubuntu.com/security/CVE-2024-38601
- https://git.kernel.org/linus/c2274b908db05529980ec056359fae916939fdaa
- https://access.redhat.com/security/cve/CVE-2024-38601
- https://lore.kernel.org/linux-cve-announce/2024061923-CVE-2024-38601-dc52@gregkh/T
- https://access.redhat.com/errata/RHSA-2024:6997
- https://bugzilla.redhat.com/show_bug.cgi?id=2293364
Frequently Asked Questions
What is the severity of CVE-2024-38601?
CVE-2024-38601 has a medium severity rating due to its potential impact on the Linux kernel's stability.
How do I fix CVE-2024-38601?
To fix CVE-2024-38601, update to the latest kernel versions recommended by Red Hat or Debian, specifically those mentioned in the advisory.
Which versions of the Linux kernel are affected by CVE-2024-38601?
CVE-2024-38601 affects several kernel versions including 4.19, 5.4, 5.10, 5.15, and multiple 6.x versions.
Are there any known exploits for CVE-2024-38601?
As of now, there are no widely reported exploits specifically targeting CVE-2024-38601.
What types of systems are impacted by CVE-2024-38601?
CVE-2024-38601 impacts systems running vulnerable versions of the Linux kernel across various distributions.
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-38601
- agent/software-canonical-lookup
- agent/severity
- agent/references
- collector/nvd-cve
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- package-manager/debian