CVE-2024-26602: sched/membarrier: reduce the ability to hammer on sys_membarrier

Description

In the Linux kernel, the following vulnerability has been resolved:

sched/membarrier: reduce the ability to hammer on sys_membarrier

On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.

Classification

CVE ID: CVE-2024-26602

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3
https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265
https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6
https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee
https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a
https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71
https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea
https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23

Timeline

2024-12-20 00:33:01 UTC
CVE

sched/membarrier: reduce the ability to hammer on sys_membarrier