How severe is CVE-2024-38384?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2024-38384?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2024-38384 - HIGH Severity | CVSS 8.4

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted. Fix the issue by adding one barrier.

Related Vulnerabilities

CVE-2021-0180

HIGH

CVSS:8.4(High)

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.

CWE-4002021

CVE-2021-47313

HIGH

CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail and ...

CWE-4002021

CVE-2024-35948

HIGH

CVSS:8.4(High)

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note tha...

CWE-4002024

CVE-2015-1779

HIGH

CVSS:8.6(High)

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CWE-4002015

CVE-2016-6171

HIGH

CVSS:8.6(High)

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

CWE-4002016

CVE-2017-15119

HIGH

CVSS:8.6(High)

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CP...

CWE-4002017