CVE-2024-27067

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler. Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/35485dad6e28f9b17884764d4692b1655cb848d0	Patch
https://git.kernel.org/stable/c/51c23bd691c0f1fb95b29731c356c6fd69925d17	Patch
https://git.kernel.org/stable/c/99e425032c6ec13584d3cd33846e0c7307501b47	Patch
https://git.kernel.org/stable/c/9e2d4b58c1da48a32905802aaeadba7084b46895	Patch
https://git.kernel.org/stable/c/35485dad6e28f9b17884764d4692b1655cb848d0	Patch
https://git.kernel.org/stable/c/51c23bd691c0f1fb95b29731c356c6fd69925d17	Patch
https://git.kernel.org/stable/c/99e425032c6ec13584d3cd33846e0c7307501b47	Patch
https://git.kernel.org/stable/c/9e2d4b58c1da48a32905802aaeadba7084b46895	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-01 13:15

Updated : 2025-09-18 16:55

NVD link : CVE-2024-27067

Mitre link : CVE-2024-27067

CVE.ORG link : CVE-2024-27067

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-27067", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-01T13:15:50.893", "references": [{"url": "https://git.kernel.org/stable/c/35485dad6e28f9b17884764d4692b1655cb848d0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/51c23bd691c0f1fb95b29731c356c6fd69925d17", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/99e425032c6ec13584d3cd33846e0c7307501b47", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9e2d4b58c1da48a32905802aaeadba7084b46895", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/35485dad6e28f9b17884764d4692b1655cb848d0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/51c23bd691c0f1fb95b29731c356c6fd69925d17", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/99e425032c6ec13584d3cd33846e0c7307501b47", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9e2d4b58c1da48a32905802aaeadba7084b46895", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/evtchn: avoid WARN() when unbinding an event channel\n\nWhen unbinding a user event channel, the related handler might be\ncalled a last time in case the kernel was built with\nCONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler.\n\nAvoid that by adding an \"unbinding\" flag to struct user_event which\nwill short circuit the handler."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xen/evtchn: evite WARN() al desvincular un canal de eventos Al desvincular un canal de eventos de usuario, es posible que se llame al controlador relacionado por \u00faltima vez en caso de que el kernel se haya compilado con CONFIG_DEBUG_SHIRQ. Esto podr\u00eda provocar un WARN() en el controlador. Evite esto agregando un indicador de \"desvinculaci\u00f3n\" a la estructura user_event que provocar\u00e1 un cortocircuito en el controlador."}], "lastModified": "2025-09-18T16:55:15.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EEFF87-D1F0-4DA5-ABA3-76779055DE39", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.6.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}