CVE-2024-27067

MEDIUM

Linux Kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler. Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler.

References (4)

[Patch] https://git.kernel.org/stable/c/35485dad6e28f9b17884764d4692b1655cb848d0

[Patch] https://git.kernel.org/stable/c/51c23bd691c0f1fb95b29731c356c6fd69925d17

[Patch] https://git.kernel.org/stable/c/99e425032c6ec13584d3cd33846e0c7307501b47

[Patch] https://git.kernel.org/stable/c/9e2d4b58c1da48a32905802aaeadba7084b46895

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (3)

linux/linux_kernel < 6.6.23

linux/Kernel < 6.6.23linux

linux/Kernel < 6.8.2linux

Timeline

Published May 01, 2024

Tracked Since Feb 18, 2026