CVE-2024-26602

sched/membarrier: reduce the ability to hammer on sys_membarrier

Description

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3 patch
https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265 patch
https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6 patch
https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee patch
https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a patch
https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71 patch
https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea patch
https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Frequently Asked Questions

What is the severity of CVE-2024-26602?
CVE-2024-26602 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26602?
To fix CVE-2024-26602, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26602 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26602 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26602?
CVE-2024-26602 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.