Race Condition in torvalds/linux

Q: How to fix?

Upgrade torvalds/linux to version 6.11-rc7 or higher.

Threat Intelligence

Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-UNMANAGED-TORVALDSLINUX-8072907
published23 Sept 2024
disclosed4 Sept 2024
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 4 Sep 2024

CWE-362 (opens in a new tab)

How to fix?

Upgrade torvalds/linux to version 6.11-rc7 or higher.

Overview

Affected versions of this package are vulnerable to Race Condition through the improper synchronization mechanism in the perf_mmap and perf_mmap_close functions. An attacker can exploit this vulnerability to manipulate memory mappings and potentially execute arbitrary code by racing the mmap and munmap calls to create an orphaned auxiliary buffer. This is only exploitable if specific kernel configurations such as init_on_alloc, page_poisoning, init_on_free, CONFIG_DEBUG_PAGEALLOC, or CONFIG_DEBUG_VM are disabled or check_pages_enabled is true.

Note: Debian-based distributions, as well as Android and any virtual machines, are not affected.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Race Condition Affecting torvalds/linux package, versions [4.1,6.11-rc7)

Severity