Launchpad.net

CVE 2024-39292

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails.

Related bugs and status

CVE-2024-39292 (Candidate) is related to these bugs:

Bug #2072617: Jammy update: v5.15.161 upstream stable release

Summary				In	Importance	Status
	2072617	Jammy update: v5.15.161 upstream stable release		linux (Ubuntu)	Undecided	Invalid
	2072617	Jammy update: v5.15.161 upstream stable release		linux (Ubuntu Jammy)	Medium	Fix Committed

Bug #2073603: Noble update: upstream stable patchset 2024-07-19

Summary				In	Importance	Status
	2073603	Noble update: upstream stable patchset 2024-07-19		linux (Ubuntu)	Undecided	Invalid
	2073603	Noble update: upstream stable patchset 2024-07-19		linux (Ubuntu Noble)	Medium	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2024-39292

Related bugs and status

Related bugs

References