CVE-2024-42135

{"id": "CVE-2024-42135", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-30T08:15:05.433", "references": [{"url": "https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_task: Handle SIGKILL by flushing work and exiting\n\nInstead of lingering until the device is closed, this has us handle\nSIGKILL by:\n\n1. marking the worker as killed so we no longer try to use it with\n new virtqueues and new flush operations.\n2. setting the virtqueue to worker mapping so no new works are queued.\n3. running all the exiting works."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vhost_task: maneja SIGKILL vaciando el trabajo y saliendo. En lugar de demorarnos hasta que se cierre el dispositivo, esto nos permite manejar SIGKILL de la siguiente manera: 1. marcar al trabajador como eliminado para que ya no intentemos hacerlo. \u00daselo con nuevas virtqueues y nuevas operaciones de descarga. 2. configurar la cola virtual para el mapeo de trabajadores para que no haya trabajos nuevos en cola. 3. ejecutar todas las obras existentes."}], "lastModified": "2024-12-11T14:59:33.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFFE1388-D45B-4287-88F7-BBA975D80E4C", "versionEndExcluding": "6.6.39"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}