How severe is CVE-2024-50006?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-50006?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2024-50006

MEDIUM Year: 2024

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-667

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call. This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the jbd2_journal_stop function while i_data_sem is locked. This triggers lockdep because the jbd2_journal_start function might also lock the same jbd2_handle simultaneously. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Rule: add

CVE-2005-3106

MEDIUM

CVSS:4.7(Medium)

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core...

CWE-6672005

CVE-2009-1961

MEDIUM

CVSS:4.7(Medium)

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local ...

CWE-6672009

CVE-2022-3303

MEDIUM

CVSS:4.7(Medium)

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local us...

CWE-6672022

CVE-2023-2612

MEDIUM

CVSS:4.7(Medium)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to ca...

CWE-6672023

CVE-2023-52505

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers The protocol converter configuration registers PCC8...

CWE-6672023

CVE-2024-26631

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally ...

CWE-6672024

CVE-2024-50006

Vulnerability Description

Related Vulnerabilities

CVE-2005-3106

CVE-2009-1961

CVE-2022-3303

CVE-2023-2612

CVE-2023-52505

CVE-2024-26631