vulnerability
Oracle Linux: CVE-2024-39292: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jun 24, 2024 | Aug 16, 2024 | Jan 23, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Jun 24, 2024
Added
Aug 16, 2024
Modified
Jan 23, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
A vulnerability was found in the Linux kernel's handling of winch IRQs. This issue involves the registration of winch IRQs before adding winch handlers to the winch_handlers list. This oversight could potentially lead to improper IRQ handling and impact system stability or security. This issue has been resolved by ensuring that winch handlers are added to the list before the IRQs are registered.
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
A vulnerability was found in the Linux kernel's handling of winch IRQs. This issue involves the registration of winch IRQs before adding winch handlers to the winch_handlers list. This oversight could potentially lead to improper IRQ handling and impact system stability or security. This issue has been resolved by ensuring that winch handlers are added to the list before the IRQs are registered.
Solution
oracle-linux-upgrade-kernel-uek

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.