CVE-2024-26810

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In particular, irq_type is updated holding igate, therefore testing is_intx() requires holding igate. For example clearing DisINTx from config space can otherwise race changes of the interrupt configuration. This aligns interfaces which may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while INTx is configured. A subsequent patch introduces synchronization for the latter flows.

Related Vulnerabilities

CVE-2016-1000236

MEDIUM
CVSS:4.4(Medium)

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

CWE-3622016

CVE-2020-0141

MEDIUM
CVSS:4.4(Medium)

In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges need...

CWE-3622020

CVE-2021-27925

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal u...

CWE-3622021

CVE-2024-3979

MEDIUM
CVSS:4.4(Medium)

A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An ...

CWE-3622024

CVE-2024-47968

MEDIUM
CVSS:4.4(Medium)

Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service.

CWE-3622024