CVE-2024-27419 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix data-races around sysctl_net_busy_read

We need to protect the reader reading the sysctl value because the
value can be changed concurrently.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d623fd5298d95b65d27ef5a618ebf39541074856
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f9055fa2b2931261d5f89948ee5bc315b6a22d4a
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 0866afaff19d8460308b022345ed116a12b1d0e1
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 43464808669ba9d23996f0b6d875450191687caf
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 34cab94f7473e7b09f5205d4583fb5096cb63b5b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 16d71319e29d5825ab53f263b59fdd8dc2d60ad4
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d380ce70058a4ccddc3e5f5c2063165dc07672c6

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`4.19.310`	unaffected	≤ 4.19.*
`5.4.272`	unaffected	≤ 5.4.*
`5.10.213`	unaffected	≤ 5.10.*
`5.15.152`	unaffected	≤ 5.15.*
`6.1.82`	unaffected	≤ 6.1.*
`6.6.22`	unaffected	≤ 6.6.*
`6.7.10`	unaffected	≤ 6.7.*
`6.8`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc7::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Debian Subscribe	Debian Linux Subscribe
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-3840-1	linux security update
Debian DLA	DLA-3842-1	linux-5.10 security update
Ubuntu USN	USN-6820-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6820-2	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-6821-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6821-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6821-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-6821-4	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-6828-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-6871-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-6892-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-6896-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6896-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6896-3	Linux kernel vulnerabilities
Ubuntu USN	USN-6896-4	Linux kernel vulnerabilities
Ubuntu USN	USN-6896-5	Linux kernel vulnerabilities
Ubuntu USN	USN-6919-1	Linux kernel vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024051719-CVE-2024-27419-726a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27419
https://www.cve.org/CVERecord?id=CVE-2024-27419

History

Tue, 23 Dec 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc7::::::
Vendors & Products		Debian Debian debian Linux
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Wed, 06 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 29 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362 CWE-820

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T12:01:27.871Z

Updated: 2025-05-04T09:04:45.518Z

Reserved: 2024-02-25T13:47:42.683Z

Link: CVE-2024-27419

Vulnrichment

Updated: 2024-08-02T00:34:52.300Z

NVD

Status : Analyzed

Published: 2024-05-17T12:15:13.763

Modified: 2025-12-23T18:42:13.027

Link: CVE-2024-27419

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-27419 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-12T22:09:22Z

Weaknesses

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object