CVE-2024-39292

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 24, 2024

Updated: Jul 15, 2024

CWE ID 415

Summary

CVE-2024-39292 is a vulnerability affecting the Linux kernel. This issue involves the winch subsystem where registering a winch IRQ before adding it to the winch_handlers list can result in a panic. The race condition arises due to the interruption occurring before the winch is added to the list. To mitigate this, the patch adds the winch to the winch_handlers list prior to registering the IRQ, and rolls back if the registration fails to ensure the winch is valid before use.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wlRgk8
https://www.cve.org/CVERecord?id=CVE-2024-39292
https://nvd.nist.gov/vuln/detail/CVE-2024-39292

Back to Vulnerability Database

CVE-2024-39292

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations