CVE-2024-26606

Updated: 2024-06-27 22:46:47.404469

Description:

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Not Vulnerable 2024-04-18 10:06:11
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Not Vulnerable 2024-04-18 10:06:11
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-04-20 05:13:13
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Not Vulnerable 2024-04-20 05:13:12
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Not Vulnerable 2024-04-20 05:13:12
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Not Vulnerable 2024-04-20 05:13:13
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-05-10 10:14:39
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-05-08 10:15:01
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-07-22 12:05:46
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-04-20 05:13:12
Total: 13