{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-50060","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T19:36:19.939Z","datePublished":"2024-10-21T19:39:49.737Z","dateUpdated":"2025-11-03T22:25:00.157Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:44:58.659Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it'll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There's no state to maintain here as overflows\nalways prune from head-of-list, hence it's fine to drop and reacquire\nthe locks at the end of the loop."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["io_uring/io_uring.c"],"versions":[{"version":"2b188cc1bb857a9d4701ae59aa7768b5124e262e","lessThan":"a2493904e95ce94bbec819d8f7f03b99976eb25c","status":"affected","versionType":"git"},{"version":"2b188cc1bb857a9d4701ae59aa7768b5124e262e","lessThan":"f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e","status":"affected","versionType":"git"},{"version":"2b188cc1bb857a9d4701ae59aa7768b5124e262e","lessThan":"c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0","status":"affected","versionType":"git"},{"version":"2b188cc1bb857a9d4701ae59aa7768b5124e262e","lessThan":"eac2ca2d682f94f46b1973bdf5e77d85d77b8e53","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["io_uring/io_uring.c"],"versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.57","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.4","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.6.57"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.11.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c"},{"url":"https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e"},{"url":"https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0"},{"url":"https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53"}],"title":"io_uring: check if we need to reschedule during overflow flush","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-50060","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:22:59.693890Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:28:42.337Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:25:00.157Z"}}]}}