CVE-2024-26602

sched/membarrier: reduce the ability to hammer on sys_membarrier

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/membarrier: reduce la capacidad de martillar en sys_membarrier. En algunos sistemas, sys_membarrier puede ser muy costoso, provocando ralentizaciones generales en todo. Por lo tanto, bloquee la ruta para serializar los accesos y evitar que se llame a una frecuencia demasiado alta y sature la máquina.

A flaw was found in sys_membarrier in the Linux kernel in sched/membarrier in how a user calls it at too high of a frequency. This flaw allows a local user to saturate the machine.

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-02-24 CVE Published
2025-04-15 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/22e4ebb975822833b083533035233d128b30e98f	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3	2024-02-23
https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265	2024-02-23
https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6	2024-02-23
https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee	2024-02-23
https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a	2024-02-23
https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71	2024-02-23
https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea	2024-02-23
https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23	2024-02-20

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26602	2024-06-11
https://bugzilla.redhat.com/show_bug.cgi?id=2267695	2024-06-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.8"		en		Affected