CVE-2024-42135

vhost_task: Handle SIGKILL by flushing work and exiting

Description

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations. 2. setting the virtqueue to worker mapping so no new works are queued. 3. running all the exiting works.

5.5

CVSS

Severity: Medium

CVSS 3.1 •

EPSS 0.03%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af	patch
https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4	patch
https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233	patch

Frequently Asked Questions

What is the severity of CVE-2024-42135?: CVE-2024-42135 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42135?: To fix CVE-2024-42135, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42135 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-42135 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42135?: CVE-2024-42135 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.