CVE-2024-35874

Published: May 19, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip taking the lock, and then we'd return - but the completion path would still attempt to do the wakeup after the task_struct pointer had been overwritten.

Vendor	Product	Versions
Linux	Linux	affected `71eb6b6b0ba93b1467bccff57b5de746b09113d2 - < 9678bcc6234d83759fe091c197f5017a32b468da` affected `71eb6b6b0ba93b1467bccff57b5de746b09113d2 - < caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.8.5 - <= 6.8.` unaffected `6.9 - <= `

References

https://git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da

https://git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35874

Description

Affected Products

References