CVE-2024-42135

low-risk

Published 2024-07-30

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations. 2. setting the virtqueue to worker mapping so no new works are queued. 3. running all the exiting works.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af

Patch https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233

Patch https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4

Patch https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af

Patch https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233

Patch https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal