Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-57942 (GCVE-0-2024-57942)
Vulnerability from cvelistv5 – Published: 2025-01-21 12:18 – Updated: 2025-05-04 10:07
VLAI?
EPSS
Title
netfs: Fix ceph copy to cache on write-begin
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix ceph copy to cache on write-begin
At the end of netfs_unlock_read_folio() in which folios are marked
appropriately for copying to the cache (either with by being marked dirty
and having their private data set or by having PG_private_2 set) and then
unlocked, the folio_queue struct has the entry pointing to the folio
cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),
which is used to write folios marked with PG_private_2 to the cache as it
expects to be able to trawl the folio_queue list thereafter to find the
relevant folios, leading to a hang.
Fix this by not clearing the folio_queue entry if we're going to do the
deprecated copy-to-cache. The clearance will be done instead as the folios
are written to the cache.
This can be reproduced by starting cachefiles, mounting a ceph filesystem
with "-o fsc" and writing to it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_collect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43b8d3249b0b71bad239d42dbe08ce6c938ba000",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
},
{
"lessThan": "38cf8e945721ffe708fa675507465da7f4f2a9f7",
"status": "affected",
"version": "ee4cdf7ba857a894ad1650d6ab77669cbbfa329e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/netfs/read_collect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix ceph copy to cache on write-begin\n\nAt the end of netfs_unlock_read_folio() in which folios are marked\nappropriately for copying to the cache (either with by being marked dirty\nand having their private data set or by having PG_private_2 set) and then\nunlocked, the folio_queue struct has the entry pointing to the folio\ncleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),\nwhich is used to write folios marked with PG_private_2 to the cache as it\nexpects to be able to trawl the folio_queue list thereafter to find the\nrelevant folios, leading to a hang.\n\nFix this by not clearing the folio_queue entry if we\u0027re going to do the\ndeprecated copy-to-cache. The clearance will be done instead as the folios\nare written to the cache.\n\nThis can be reproduced by starting cachefiles, mounting a ceph filesystem\nwith \"-o fsc\" and writing to it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T10:07:09.915Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000"
},
{
"url": "https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7"
}
],
"title": "netfs: Fix ceph copy to cache on write-begin",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57942",
"datePublished": "2025-01-21T12:18:10.532Z",
"dateReserved": "2025-01-19T11:50:08.378Z",
"dateUpdated": "2025-05-04T10:07:09.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-983W-HQXF-C48P
Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2025-10-15 15:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix ceph copy to cache on write-begin
At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PG_private_2 set) and then unlocked, the folio_queue struct has the entry pointing to the folio cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(), which is used to write folios marked with PG_private_2 to the cache as it expects to be able to trawl the folio_queue list thereafter to find the relevant folios, leading to a hang.
Fix this by not clearing the folio_queue entry if we're going to do the deprecated copy-to-cache. The clearance will be done instead as the folios are written to the cache.
This can be reproduced by starting cachefiles, mounting a ceph filesystem with "-o fsc" and writing to it.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-57942"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T13:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix ceph copy to cache on write-begin\n\nAt the end of netfs_unlock_read_folio() in which folios are marked\nappropriately for copying to the cache (either with by being marked dirty\nand having their private data set or by having PG_private_2 set) and then\nunlocked, the folio_queue struct has the entry pointing to the folio\ncleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),\nwhich is used to write folios marked with PG_private_2 to the cache as it\nexpects to be able to trawl the folio_queue list thereafter to find the\nrelevant folios, leading to a hang.\n\nFix this by not clearing the folio_queue entry if we\u0027re going to do the\ndeprecated copy-to-cache. The clearance will be done instead as the folios\nare written to the cache.\n\nThis can be reproduced by starting cachefiles, mounting a ceph filesystem\nwith \"-o fsc\" and writing to it.",
"id": "GHSA-983w-hqxf-c48p",
"modified": "2025-10-15T15:30:21Z",
"published": "2025-01-21T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57942"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
cve-2024-57942
Vulnerability from osv_almalinux
Published
2025-11-11 00:00
Modified
2025-11-24 10:55
Summary
Moderate: kernel security update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)
- kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147)
- kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222)
- kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)
- kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)
- kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)
- kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
- kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
- kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
- kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
- kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633)
- kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652)
- kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)
- kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)
- kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941)
- kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942)
- kernel: zram: fix potential UAF of zram table (CVE-2025-21671)
- kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680)
- kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)
- kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)
- kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)
- kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
- kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732)
- kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)
- kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)
- kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)
- kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)
- kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)
- kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)
- kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004)
- kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742)
- kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743)
- kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)
- kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)
- kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)
- kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)
- kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)
- kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)
- kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013)
- kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777)
- kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)
- kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)
- kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)
- kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)
- kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)
- kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984)
- kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)
- kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771)
- kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)
- kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977)
- kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)
- kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741)
- kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)
- kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)
- kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006)
- kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)
- kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750)
- kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)
- kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)
- kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061)
- kernel: idpf: convert workqueues to unbound (CVE-2024-58057)
- kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)
- kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)
- kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)
- kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)
- kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)
- kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)
- kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)
- kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857)
- kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)
- kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)
- kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)
- kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
- kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)
- kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)
- kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)
- kernel: acct: perform last write from workqueue (CVE-2025-21846)
- kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861)
- kernel: io_uring: prevent opcode speculation (CVE-2025-21863)
- kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)
- kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
- kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)
- microcode_ctl: From CVEorg collector (CVE-2024-28956)
- kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)
- kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)
- kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412)
- kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369)
- kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-64k-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-abi-stablelists"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-cross-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-debug-uki-virt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-modules-extra-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-64k-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-rt-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-tools-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-uki-virt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-uki-virt-addons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "kernel-zfcpdump-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "libperf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "python3-perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "rtla"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "rv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.12.0-124.8.1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system. \n\nSecurity Fix(es): \n\n * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)\n * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147)\n * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222)\n * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)\n * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)\n * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)\n * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)\n * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)\n * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)\n * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)\n * kernel: io_uring/sqpoll: zero sqd-\u003ethread on tctx errors (CVE-2025-21633)\n * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652)\n * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)\n * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)\n * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941)\n * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942)\n * kernel: zram: fix potential UAF of zram table (CVE-2025-21671)\n * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680)\n * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)\n * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)\n * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)\n * kernel: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (CVE-2025-21702)\n * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732)\n * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)\n * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)\n * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)\n * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)\n * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)\n * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)\n * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004)\n * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742)\n * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743)\n * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)\n * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)\n * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)\n * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)\n * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)\n * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)\n * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013)\n * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777)\n * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)\n * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)\n * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)\n * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)\n * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)\n * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984)\n * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)\n * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771)\n * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)\n * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977)\n * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)\n * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741)\n * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)\n * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)\n * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006)\n * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)\n * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750)\n * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)\n * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)\n * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061)\n * kernel: idpf: convert workqueues to unbound (CVE-2024-58057)\n * kernel: wifi: mac80211: don\u0027t flush non-uploaded STAs (CVE-2025-21828)\n * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)\n * kernel: ASoC: soc-pcm: don\u0027t use soc_pcm_ret() on .prepare callback (CVE-2024-58077)\n * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)\n * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)\n * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)\n * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)\n * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857)\n * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)\n * kernel: ibmvnic: Don\u0027t reference skb after sending to VIOS (CVE-2025-21855)\n * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)\n * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)\n * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)\n * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)\n * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)\n * kernel: acct: perform last write from workqueue (CVE-2025-21846)\n * kernel: mm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861)\n * kernel: io_uring: prevent opcode speculation (CVE-2025-21863)\n * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)\n * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)\n * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)\n * microcode_ctl: From CVEorg collector (CVE-2024-28956)\n * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)\n * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)\n * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412)\n * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369)\n * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAdditional Changes: \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
"id": "ALSA-2025:20095",
"modified": "2025-11-24T10:55:21Z",
"published": "2025-11-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:20095"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-28956"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-36350"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-36357"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-49570"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-52332"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-53147"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-53216"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-53222"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-53241"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54456"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-56662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-56675"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-56690"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57901"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57902"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57941"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57942"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57981"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57986"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57987"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57988"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57989"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-57995"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58006"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58012"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58013"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58014"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58015"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58020"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58057"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58061"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58069"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58072"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58075"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58077"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-58088"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21633"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21647"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21652"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21655"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21671"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21680"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21702"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21726"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21732"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21738"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21741"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21742"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21750"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21761"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21765"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21771"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21777"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21785"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21786"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21790"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21791"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21795"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21796"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21828"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21837"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21844"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21846"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21847"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21851"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21853"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21855"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21861"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21864"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-22056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-37749"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-37994"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-38116"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-38369"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-38412"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-38468"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331326"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2333985"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2334373"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2334415"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2334547"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2334548"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2334676"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337121"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338185"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338813"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338821"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338828"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2338998"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339130"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339141"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2343172"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2343186"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2344684"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2344687"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2345240"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2346272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348522"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348523"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348541"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348543"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348547"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348550"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348556"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348561"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348567"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348572"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348574"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348577"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348581"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348584"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348587"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348590"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348592"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348593"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348595"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348597"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348600"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348601"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348602"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348603"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348612"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348617"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348620"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348621"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348625"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348629"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348630"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348645"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348647"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348650"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2348656"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350364"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350373"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350375"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350386"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350392"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350589"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350725"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2350726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351605"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351606"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351608"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351612"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351616"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351618"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351620"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351624"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351625"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2351629"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2356664"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2360215"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2363332"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2366125"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2369184"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2376076"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2383398"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2383432"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2383913"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-20095.html"
}
],
"related": [
"CVE-2024-53241",
"CVE-2024-53147",
"CVE-2024-53222",
"CVE-2024-53216",
"CVE-2024-56662",
"CVE-2024-56675",
"CVE-2024-56690",
"CVE-2024-52332",
"CVE-2024-57901",
"CVE-2024-57902",
"CVE-2025-21633",
"CVE-2025-21652",
"CVE-2025-21647",
"CVE-2025-21655",
"CVE-2024-57941",
"CVE-2024-57942",
"CVE-2025-21671",
"CVE-2025-21680",
"CVE-2025-21693",
"CVE-2025-21691",
"CVE-2025-21696",
"CVE-2025-21702",
"CVE-2025-21732",
"CVE-2025-21795",
"CVE-2024-54456",
"CVE-2024-57987",
"CVE-2024-58014",
"CVE-2024-57988",
"CVE-2024-49570",
"CVE-2024-58004",
"CVE-2025-21742",
"CVE-2025-21743",
"CVE-2024-57989",
"CVE-2024-58015",
"CVE-2024-57995",
"CVE-2025-21796",
"CVE-2025-21786",
"CVE-2024-58005",
"CVE-2024-58013",
"CVE-2025-21777",
"CVE-2025-21738",
"CVE-2024-57986",
"CVE-2025-21726",
"CVE-2025-21791",
"CVE-2024-58020",
"CVE-2024-57984",
"CVE-2025-21761",
"CVE-2025-21771",
"CVE-2024-57981",
"CVE-2024-57977",
"CVE-2025-21790",
"CVE-2025-21741",
"CVE-2025-21785",
"CVE-2025-21765",
"CVE-2024-58006",
"CVE-2024-58012",
"CVE-2025-21750",
"CVE-2024-58072",
"CVE-2024-58069",
"CVE-2024-58061",
"CVE-2024-58057",
"CVE-2025-21828",
"CVE-2025-21826",
"CVE-2024-58077",
"CVE-2024-58075",
"CVE-2025-21837",
"CVE-2024-36350",
"CVE-2024-36357",
"CVE-2025-21857",
"CVE-2025-21851",
"CVE-2025-21855",
"CVE-2025-21844",
"CVE-2025-21853",
"CVE-2025-21847",
"CVE-2025-21864",
"CVE-2024-58088",
"CVE-2025-21846",
"CVE-2025-21861",
"CVE-2025-21863",
"CVE-2025-21976",
"CVE-2025-22056",
"CVE-2025-37749",
"CVE-2024-28956",
"CVE-2025-37994",
"CVE-2025-38116",
"CVE-2025-38412",
"CVE-2025-38369",
"CVE-2025-38468"
],
"summary": "Moderate: kernel security update"
}
FKIE_CVE-2024-57942
Vulnerability from fkie_nvd - Published: 2025-01-21 13:15 - Updated: 2025-10-15 13:49
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix ceph copy to cache on write-begin
At the end of netfs_unlock_read_folio() in which folios are marked
appropriately for copying to the cache (either with by being marked dirty
and having their private data set or by having PG_private_2 set) and then
unlocked, the folio_queue struct has the entry pointing to the folio
cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),
which is used to write folios marked with PG_private_2 to the cache as it
expects to be able to trawl the folio_queue list thereafter to find the
relevant folios, leading to a hang.
Fix this by not clearing the folio_queue entry if we're going to do the
deprecated copy-to-cache. The clearance will be done instead as the folios
are written to the cache.
This can be reproduced by starting cachefiles, mounting a ceph filesystem
with "-o fsc" and writing to it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA666EC-CF76-46C6-AE86-951E128D4C0A",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix ceph copy to cache on write-begin\n\nAt the end of netfs_unlock_read_folio() in which folios are marked\nappropriately for copying to the cache (either with by being marked dirty\nand having their private data set or by having PG_private_2 set) and then\nunlocked, the folio_queue struct has the entry pointing to the folio\ncleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),\nwhich is used to write folios marked with PG_private_2 to the cache as it\nexpects to be able to trawl the folio_queue list thereafter to find the\nrelevant folios, leading to a hang.\n\nFix this by not clearing the folio_queue entry if we\u0027re going to do the\ndeprecated copy-to-cache. The clearance will be done instead as the folios\nare written to the cache.\n\nThis can be reproduced by starting cachefiles, mounting a ceph filesystem\nwith \"-o fsc\" and writing to it."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: Fix ceph copy to cache on write-begin Al final de netfs_unlock_read_folio() en el que los folios se marcan adecuadamente para copiarlos al cach\u00e9 (ya sea marc\u00e1ndolos como sucios y teniendo sus datos privados configurados o teniendo PG_private_2 configurado) y luego se desbloquean, la estructura folio_queue tiene la entrada que apunta al folio borrada. Esto presenta un problema para netfs_pgpriv2_write_to_the_cache(), que se usa para escribir folios marcados con PG_private_2 en el cach\u00e9, ya que espera poder rastrear la lista folio_queue a partir de entonces para encontrar los folios relevantes, lo que lleva a un bloqueo. Solucione esto al no borrar la entrada folio_queue si vamos a hacer la copia al cach\u00e9 obsoleta. La limpieza se realizar\u00e1 en su lugar a medida que los folios se escriben en el cach\u00e9. Esto se puede reproducir iniciando cachefiles, montando un sistema de archivos ceph con \"-o fsc\" y escribiendo en \u00e9l."
}
],
"id": "CVE-2024-57942",
"lastModified": "2025-10-15T13:49:25.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-21T13:15:08.743",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-57942
Vulnerability from fstec - Published: 20.12.2024
VLAI Severity ?
Title
Уязвимость функции netfs_unlock_read_folio ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции netfs_unlock_read_folio ядра операционной системы Linux связана с некорректной блокировкой ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
ООО «Ред Софт», Сообщество свободного программного обеспечения
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Linux
Software Version
7.3 (РЕД ОС), от 6.12 до 6.12.9 включительно (Linux)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Linux:
https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7
https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://git.kernel.org/linus/38cf8e945721ffe708fa675507465da7f4f2a9f7
https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7
https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.10
https://lore.kernel.org/linux-cve-announce/2025012129-CVE-2024-57942-bedc@gregkh/
https://security-tracker.debian.org/tracker/CVE-2024-57942
https://www.cve.org/CVERecord?id=CVE-2024-57942
https://www.cybersecurity-help.cz/vdb/SB2025012166
CWE
CWE-667
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 6.12 \u0434\u043e 6.12.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7\t\nhttps://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.12.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.02.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-01771",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-57942",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.12.0 \u0434\u043e 6.12.10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.13 \u0434\u043e 6.13 rc7 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 netfs_unlock_read_folio \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 (CWE-667)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 netfs_unlock_read_folio \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://git.kernel.org/linus/38cf8e945721ffe708fa675507465da7f4f2a9f7\nhttps://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7\nhttps://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.10\nhttps://lore.kernel.org/linux-cve-announce/2025012129-CVE-2024-57942-bedc@gregkh/\nhttps://security-tracker.debian.org/tracker/CVE-2024-57942\nhttps://www.cve.org/CVERecord?id=CVE-2024-57942\nhttps://www.cybersecurity-help.cz/vdb/SB2025012166",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-667",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…