CVE-2024-41932

medium

Description

In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a per-task affinity assignment races with a cpuset update. Specifically, we can have a race where a cpuset update results in the task affinity no longer being a subset of the cpuset. That's fine; we have a fallback to instead use the cpuset mask. However, we have a WARN set up that will trigger if the cpuset mask has no overlap at all with the requested task affinity. This shouldn't be a warning condition; its trivial to create this condition. Reproduced the warning by the following setup: - $PID inside a cpuset cgroup - another thread repeatedly switching the cpuset cpus from 1-2 to just 1 - another thread repeatedly setting the $PID affinity (via taskset) to 2

References

https://git.kernel.org/stable/c/70ee7947a29029736a1a06c73a48ff37674a851b

https://git.kernel.org/stable/c/5c3fb75f538cfcb886f6dfeb497d99fc2f263ee6

Details

Source: Mitre, NVD

Published: 2025-01-11

Updated: 2025-01-11

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

Detections

Analytics