References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

vhost: Take a reference on the task in struct vhost_task.

vhost_task_create() creates a task and keeps a reference to its
task_struct. That task may exit early via a signal and its task_struct
will be released.
A pending vhost_task_wake() will then attempt to wake the task and
access a task_struct which is no longer there.

Acquire a reference on the task_struct while creating the thread and
release the reference while the struct vhost_task itself is removed.
If the task exits early due to a signal, then the vhost_task_wake() will
still access a valid task_struct. The wake is safe and will be skipped
in this case.

https://git.kernel.org/stable/c/7ce635b3d3aba43296b62b5a2d97c008bc51cbd2

https://git.kernel.org/stable/c/82a1463c968b1a6ae598a4f2fcef17b71bb7d3a0

https://git.kernel.org/stable/c/afe16653e05db07d658b55245c7a2e0603f136c0

https://git.kernel.org/stable/c/d2be773a92874a070215b51b730cb2b1eaa8fae2