CVE-2024-26686
MEDIUMLinux Kernel - Denial of Service via do_task_stat Lock Contention
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.
References (7)
Core 7
Core References
Scores
CVSS v3
5.5
EPSS
0.0021
EPSS Percentile
11.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-667
Status
published
Products (21)
linux/Kernel
2.6.12 - 5.10.237linux
linux/Kernel
5.11.0 - 5.15.181linux
linux/Kernel
5.16.0 - 6.1.82linux
linux/Kernel
6.2.0 - 6.6.64linux
linux/Kernel
6.7.0 - 6.7.6linux
Linux/Linux
< 2.6.12
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0c35d1914353799c54fa1843fe7dea6fcbcdbac5
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 27978243f165b44e342f28f449b91327944ea071
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 3820b0fac7732a653bcc6f6ac20c1d72e697f8f6
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4fe85bdaabd63f8f8579b24a10ed597c9c482164
... and 11 more
Published
Apr 03, 2024
Tracked Since
Feb 18, 2026