NVD Vulnerability Detail

CVE-2024-50271

Summary	In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues. For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications. Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior.
Publication Date	Nov. 19, 2024, 11:16 a.m.
Registration Date	Nov. 19, 2024, 4 p.m.
Last Update	Nov. 19, 2024, 11:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/012f4d5d25e9ef92ee129bd5aa7aa60f692681e1
2	https://git.kernel.org/stable/c/4877d9b2a2ebad3ae240127aaa4cb8258b145cf7
3	https://git.kernel.org/stable/c/0208ea17a1e4456fbfe555f13ae5c28f3d671e40
4	https://git.kernel.org/stable/c/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における制限またはスロットリング無しのリソースの割り当てに関する脆弱性

Title	Linux の Linux Kernel における制限またはスロットリング無しのリソースの割り当てに関する脆弱性
Summary	Linux の Linux Kernel には、制限またはスロットリング無しのリソースの割り当てに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 7, 2024, midnight
Registration Date	Nov. 28, 2024, 6:10 p.m.
Last Update	Nov. 28, 2024, 6:10 p.m.

Affected System

Linux

Linux Kernel 5.14 以上 6.1.117 未満

Linux Kernel 6.12

Linux Kernel 6.2 以上 6.6.61 未満

Linux Kernel 6.7 以上 6.11.8 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-50271	https://www.cve.org/CVERecord?id=CVE-2024-50271
National Vulnerability Database (NVD)
2	CVE-2024-50271	https://nvd.nist.gov/vuln/detail/CVE-2024-50271

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-770	https://cwe.mitre.org/data/definitions/770.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	signal: restore the override_rlimit logic (012f4d5)	https://git.kernel.org/stable/c/012f4d5d25e9ef92ee129bd5aa7aa60f692681e1
2	signal: restore the override_rlimit logic (0208ea1)	https://git.kernel.org/stable/c/0208ea17a1e4456fbfe555f13ae5c28f3d671e40
3	signal: restore the override_rlimit logic (4877d9b)	https://git.kernel.org/stable/c/4877d9b2a2ebad3ae240127aaa4cb8258b145cf7
4	signal: restore the override_rlimit logic (9e05e5c)	https://git.kernel.org/stable/c/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed
Linux Kernel
5	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月28日] 掲載	Nov. 28, 2024, 10:14 a.m.