Updated: 2025-08-20 02:49:16.211404
Description:
In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already freed kirqfd instance may be accessed and cause kernel oops. Use SRCU locking to prevent the same, as is done for the KVM implementation for irqfds.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2025-05-24 02:23:54 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Ignored | 2024-09-30 10:45:32 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 5.5 | MEDIUM | Ignored | 2024-09-30 10:45:31 | Ignored due to low severity | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 5.5 | MEDIUM | Ignored | 2024-09-30 10:45:31 | Ignored due to low severity |