CVE-2024-47710

sock_map: Add a cond_resched() in sock_hash_free()

Description

In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/bc05f6855642cff3c0eeb63060b35d8c4f8a851d
https://git.kernel.org/stable/c/1a11a1a53255ddab8a903cdae01b9d3eb2c1a47b patch
https://git.kernel.org/stable/c/984648aac87a6a1c8fd61663bec3f7b61eafad5e patch
https://git.kernel.org/stable/c/04f62c012e0e4683e572b30baf6004ca0a3f6772 patch
https://git.kernel.org/stable/c/80bd490ac0a3b662a489e17d8eedeb1e905a3d40 patch
https://git.kernel.org/stable/c/ae8c1b3e7353ad240b829eabac7ba2584b2c6bdc patch
https://git.kernel.org/stable/c/cd10abf41bae55c9d2b93f34a516dbf52626bcb7 patch
https://git.kernel.org/stable/c/b1339be951ad31947ae19bc25cb08769bf255100 patch

Frequently Asked Questions

What is the severity of CVE-2024-47710?
CVE-2024-47710 has been scored as a medium severity vulnerability.
How to fix CVE-2024-47710?
To fix CVE-2024-47710, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-47710 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-47710 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47710?
CVE-2024-47710 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.