CVE-2024-26686

Updated: 2024-08-13 01:52:49.692132

Description:

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:25:57
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:25:57
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:57
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:25:57
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:26:45
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:26:45
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:26:45
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:57
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:25:57
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:57