[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-58088":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-16T04:50:24.655Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":91,"related":92,"reserved_at":9,"published_at":107,"modified_at":108,"state":109,"summary":110,"references_raw":119,"kevs":138,"epss":139,"epss_history":142,"metrics":415,"affected":423},"CVE-2024-58088","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock when freeing cgroup storage\n\nThe following commit\nbc235cdb423a (\"bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]\")\nfirst introduced deadlock prevention for fentry/fexit programs attaching\non bpf_task_storage helpers. That commit also employed the logic in map\nfree path in its v6 version.\n\nLater bpf_cgrp_storage was first introduced in\nc4bcfb38a95e (\"bpf: Implement cgroup storage available to non-cgroup-attached bpf progs\")\nwhich faces the same issue as bpf_task_storage, instead of its busy\ncounter, NULL was passed to bpf_local_storage_map_free() which opened\na window to cause deadlock:\n\n\t\u003CTASK>\n\t\t(acquiring local_storage->lock)\n\t_raw_spin_lock_irqsave+0x3d/0x50\n\tbpf_local_storage_update+0xd1/0x460\n\tbpf_cgrp_storage_get+0x109/0x130\n\tbpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170\n\t? __bpf_prog_enter_recur+0x16/0x80\n\tbpf_trampoline_6442485186+0x43/0xa4\n\tcgroup_storage_ptr+0x9/0x20\n\t\t(holding local_storage->lock)\n\tbpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160\n\tbpf_selem_unlink_storage+0x6f/0x110\n\tbpf_local_storage_map_free+0xa2/0x110\n\tbpf_map_free_deferred+0x5b/0x90\n\tprocess_one_work+0x17c/0x390\n\tworker_thread+0x251/0x360\n\tkthread+0xd2/0x100\n\tret_from_fork+0x34/0x50\n\tret_from_fork_asm+0x1a/0x30\n\t\u003C/TASK>\n\nProgs:\n - A: SEC(\"fentry/cgroup_storage_ptr\")\n   - cgid (BPF_MAP_TYPE_HASH)\n\tRecord the id of the cgroup the current task belonging\n\tto in this hash map, using the address of the cgroup\n\tas the map key.\n   - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE)\n\tIf current task is a kworker, lookup the above hash\n\tmap using function parameter @owner as the key to get\n\tits corresponding cgroup id which is then used to get\n\ta trusted pointer to the cgroup through\n\tbpf_cgroup_from_id(). This trusted pointer can then\n\tbe passed to bpf_cgrp_storage_get() to finally trigger\n\tthe deadlock issue.\n - B: SEC(\"tp_btf/sys_enter\")\n   - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE)\n\tThe only purpose of this prog is to fill Prog A's\n\thash map by calling bpf_cgrp_storage_get() for as\n\tmany userspace tasks as possible.\n\nSteps to reproduce:\n - Run A;\n - while (true) { Run B; Destroy B; }\n\nFix this issue by passing its busy counter to the free procedure so\nit can be properly incremented before storage/smap locking.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-667","Improper Locking","The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","weakness","Draft","Class",[19,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[],[],[],[43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89],{"_key":44},"SUSE-SU-2025:01919-1",{"_key":46},"SUSE-SU-2025:01951-1",{"_key":48},"SUSE-SU-2025:01967-1",{"_key":50},"SUSE-SU-2025:01707-1",{"_key":52},"SUSE-SU-2025:01964-1",{"_key":54},"SUSE-SU-2025:20343-1",{"_key":56},"SUSE-SU-2025:20344-1",{"_key":58},"SUSE-SU-2025:20354-1",{"_key":60},"SUSE-SU-2025:20355-1",{"_key":62},"SUSE-SU-2025:01614-1",{"_key":64},"MGASA-2025-0111",{"_key":66},"MGASA-2025-0112",{"_key":68},"UBUNTU-CVE-2024-58088",{"_key":70},"RHSA-2025:20095",{"_key":72},"USN-7521-1",{"_key":74},"USN-7521-3",{"_key":76},"USN-7703-1",{"_key":78},"USN-7703-2",{"_key":80},"USN-7703-3",{"_key":82},"USN-7703-4",{"_key":84},"USN-7719-1",{"_key":86},"USN-7737-1",{"_key":88},"RHSA-2025:20518",{"_key":90},"DEBIAN-CVE-2024-58088",[],[93,94,95,96,98,99,100,101,102,103,104,105,106],{"_key":44},{"_key":46},{"_key":48},{"_key":97},"USN-7521-2",{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},"2025-03-12T09:41:58.986Z","2026-05-11T21:03:04.280Z","Modified",{"cisa_kev":111,"cisa_ransomware":111,"cisa_vendor":9,"epss_severity":112,"epss_score":113,"severity":114,"severity_score":115,"severity_version":116,"severity_source":117,"severity_vector":118,"severity_status":109},false,"low",0.00151,"medium",5.5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[120,126,130,134],{"url":121,"sources":122,"tags":124},"https://git.kernel.org/stable/c/6ecb9fa14eec5f15d97c84c36896871335f6ddfb",[117,123],"nvd",[125],"Patch",{"url":127,"sources":128,"tags":129},"https://git.kernel.org/stable/c/fac674d2bd68f3479f27328626b42d1eebd11fef",[117,123],[125],{"url":131,"sources":132,"tags":133},"https://git.kernel.org/stable/c/fcec95b4ab3e7bc6b2f36e5d59f7e24104ea87f7",[117,123],[125],{"url":135,"sources":136,"tags":137},"https://git.kernel.org/stable/c/c78f4afbd962f43a3989f45f3ca04300252b19b5",[117,123],[125],[],{"date":140,"score":113,"percentile":141},"2026-06-15",0.04617,[143,147,150,153,156,159,162,165,168,171,174,177,180,183,186,190,193,197,200,203,206,209,212,216,219,222,225,228,231,234,237,240,243,247,250,253,256,259,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,305,308,311,314,317,320,323,326,329,332,334,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,388,391,394,397,400,403,406,409,412],{"date":144,"score":145,"percentile":146},"2025-11-04",0.00022,0.04401,{"date":148,"score":145,"percentile":149},"2025-11-05",0.04412,{"date":151,"score":145,"percentile":152},"2025-11-06",0.04521,{"date":154,"score":145,"percentile":155},"2025-11-07",0.04536,{"date":157,"score":145,"percentile":158},"2025-11-08",0.04539,{"date":160,"score":145,"percentile":161},"2025-11-09",0.04542,{"date":163,"score":145,"percentile":164},"2025-11-10",0.04528,{"date":166,"score":145,"percentile":167},"2025-11-11",0.04564,{"date":169,"score":145,"percentile":170},"2025-11-12",0.04753,{"date":172,"score":145,"percentile":173},"2025-11-13",0.04786,{"date":175,"score":145,"percentile":176},"2025-11-14",0.04815,{"date":178,"score":145,"percentile":179},"2025-11-15",0.04792,{"date":181,"score":145,"percentile":182},"2025-11-16",0.04807,{"date":184,"score":145,"percentile":185},"2025-11-17",0.04795,{"date":187,"score":188,"percentile":189},"2025-11-18",0.00042,0.08057,{"date":191,"score":188,"percentile":192},"2025-11-19",0.08071,{"date":194,"score":195,"percentile":196},"2025-11-20",0.00023,0.0307,{"date":198,"score":195,"percentile":199},"2025-11-21",0.0502,{"date":201,"score":145,"percentile":202},"2025-11-22",0.0484,{"date":204,"score":145,"percentile":205},"2025-11-23",0.04834,{"date":207,"score":145,"percentile":208},"2025-11-24",0.04812,{"date":210,"score":145,"percentile":211},"2025-11-25",0.04822,{"date":213,"score":214,"percentile":215},"2025-11-26",0.00024,0.05483,{"date":217,"score":214,"percentile":218},"2025-11-27",0.05501,{"date":220,"score":214,"percentile":221},"2025-11-28",0.0548,{"date":223,"score":214,"percentile":224},"2025-11-29",0.05263,{"date":226,"score":214,"percentile":227},"2025-11-30",0.05261,{"date":229,"score":214,"percentile":230},"2025-12-01",0.05354,{"date":232,"score":214,"percentile":233},"2025-12-02",0.05368,{"date":235,"score":214,"percentile":236},"2025-12-03",0.05387,{"date":238,"score":214,"percentile":239},"2025-12-04",0.05336,{"date":241,"score":214,"percentile":242},"2025-12-05",0.054,{"date":244,"score":245,"percentile":246},"2025-12-06",0.00026,0.06346,{"date":248,"score":245,"percentile":249},"2025-12-07",0.06353,{"date":251,"score":245,"percentile":252},"2025-12-08",0.06349,{"date":254,"score":245,"percentile":255},"2025-12-09",0.06406,{"date":257,"score":245,"percentile":258},"2025-12-10",0.0648,{"date":260,"score":245,"percentile":258},"2025-12-11",{"date":262,"score":245,"percentile":263},"2025-12-12",0.065,{"date":265,"score":245,"percentile":266},"2025-12-13",0.06531,{"date":268,"score":245,"percentile":269},"2025-12-14",0.06498,{"date":271,"score":245,"percentile":272},"2025-12-15",0.0647,{"date":274,"score":245,"percentile":275},"2025-12-16",0.06496,{"date":277,"score":245,"percentile":278},"2025-12-17",0.06582,{"date":280,"score":245,"percentile":281},"2025-12-18",0.06643,{"date":283,"score":245,"percentile":284},"2025-12-19",0.06632,{"date":286,"score":245,"percentile":287},"2025-12-20",0.06628,{"date":289,"score":245,"percentile":290},"2025-12-21",0.06619,{"date":292,"score":245,"percentile":293},"2025-12-22",0.06573,{"date":295,"score":245,"percentile":296},"2025-12-23",0.06567,{"date":298,"score":245,"percentile":299},"2025-12-24",0.06599,{"date":301,"score":245,"percentile":302},"2025-12-25",0.0666,{"date":304,"score":245,"percentile":302},"2025-12-26",{"date":306,"score":245,"percentile":307},"2025-12-27",0.06692,{"date":309,"score":245,"percentile":310},"2025-12-28",0.06675,{"date":312,"score":245,"percentile":313},"2025-12-29",0.06658,{"date":315,"score":245,"percentile":316},"2025-12-30",0.06641,{"date":318,"score":245,"percentile":319},"2025-12-31",0.06687,{"date":321,"score":245,"percentile":322},"2026-01-01",0.06752,{"date":324,"score":245,"percentile":325},"2026-01-02",0.06742,{"date":327,"score":245,"percentile":328},"2026-01-03",0.0673,{"date":330,"score":245,"percentile":331},"2026-01-04",0.06585,{"date":333,"score":245,"percentile":266},"2026-01-05",{"date":335,"score":336,"percentile":337},"2026-01-06",0.00028,0.07184,{"date":339,"score":336,"percentile":340},"2026-01-07",0.07208,{"date":342,"score":336,"percentile":343},"2026-01-08",0.07267,{"date":345,"score":336,"percentile":346},"2026-01-09",0.0728,{"date":348,"score":336,"percentile":349},"2026-01-10",0.07307,{"date":351,"score":336,"percentile":352},"2026-01-11",0.07295,{"date":354,"score":336,"percentile":355},"2026-01-12",0.07265,{"date":357,"score":336,"percentile":358},"2026-01-13",0.07249,{"date":360,"score":336,"percentile":361},"2026-01-14",0.07292,{"date":363,"score":336,"percentile":364},"2026-01-15",0.07296,{"date":366,"score":336,"percentile":367},"2026-01-16",0.07311,{"date":369,"score":336,"percentile":370},"2026-01-17",0.07322,{"date":372,"score":336,"percentile":373},"2026-01-18",0.07299,{"date":375,"score":336,"percentile":376},"2026-01-19",0.07266,{"date":378,"score":336,"percentile":379},"2026-01-20",0.07232,{"date":381,"score":336,"percentile":382},"2026-01-21",0.07228,{"date":384,"score":336,"percentile":385},"2026-01-22",0.07204,{"date":387,"score":336,"percentile":376},"2026-01-23",{"date":389,"score":336,"percentile":390},"2026-01-24",0.07319,{"date":392,"score":336,"percentile":393},"2026-01-25",0.07304,{"date":395,"score":336,"percentile":396},"2026-01-26",0.07282,{"date":398,"score":336,"percentile":399},"2026-01-27",0.07269,{"date":401,"score":336,"percentile":402},"2026-01-28",0.07247,{"date":404,"score":336,"percentile":405},"2026-01-29",0.07238,{"date":407,"score":336,"percentile":408},"2026-01-30",0.0725,{"date":410,"score":336,"percentile":411},"2026-01-31",0.07272,{"date":413,"score":336,"percentile":414},"2026-02-01",0.07301,[416,421],{"source":117,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":417,"cvss_v4_0":9},{"baseScore":115,"baseSeverity":418,"vectorString":118,"impactScore":419,"exploitabilityScore":420},"MEDIUM",6,4.6,{"source":123,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":422,"cvss_v4_0":9},{"baseScore":115,"baseSeverity":418,"vectorString":118,"impactScore":419,"exploitabilityScore":420},[424,447],{"ecosystem":9,"name":425,"vendor":426,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"Linux","linux","a",[429,436,439,442,445],{"version":430,"is_range":431,"range_type":117,"version_start":432,"version_start_type":433,"version_end":434,"version_end_type":435,"fixed_in":9},">= c4bcfb38a95edb1021a53f2d0356a78120ecfbe4, \u003C 6ecb9fa14eec5f15d97c84c36896871335f6ddfb",true,"c4bcfb38a95edb1021a53f2d0356a78120ecfbe4","including","6ecb9fa14eec5f15d97c84c36896871335f6ddfb","excluding",{"version":437,"is_range":431,"range_type":117,"version_start":432,"version_start_type":433,"version_end":438,"version_end_type":435,"fixed_in":9},">= c4bcfb38a95edb1021a53f2d0356a78120ecfbe4, \u003C fac674d2bd68f3479f27328626b42d1eebd11fef","fac674d2bd68f3479f27328626b42d1eebd11fef",{"version":440,"is_range":431,"range_type":117,"version_start":432,"version_start_type":433,"version_end":441,"version_end_type":435,"fixed_in":9},">= c4bcfb38a95edb1021a53f2d0356a78120ecfbe4, \u003C fcec95b4ab3e7bc6b2f36e5d59f7e24104ea87f7","fcec95b4ab3e7bc6b2f36e5d59f7e24104ea87f7",{"version":443,"is_range":431,"range_type":117,"version_start":432,"version_start_type":433,"version_end":444,"version_end_type":435,"fixed_in":9},">= c4bcfb38a95edb1021a53f2d0356a78120ecfbe4, \u003C c78f4afbd962f43a3989f45f3ca04300252b19b5","c78f4afbd962f43a3989f45f3ca04300252b19b5",{"version":446,"is_range":111,"range_type":117,"version_start":446,"version_start_type":433,"version_end":446,"version_end_type":433,"fixed_in":9},"6.2",{"ecosystem":9,"name":448,"vendor":426,"product":449,"cpe_part":450,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":451},"linux kernel","linux_kernel","o",[452,456,460,464,466,468],{"version":453,"is_range":431,"range_type":454,"version_start":446,"version_start_type":433,"version_end":455,"version_end_type":435,"fixed_in":9},"gte6.2_lt6.6.80","cpe","6.6.80",{"version":457,"is_range":431,"range_type":454,"version_start":458,"version_start_type":433,"version_end":459,"version_end_type":435,"fixed_in":9},"gte6.7_lt6.12.17","6.7","6.12.17",{"version":461,"is_range":431,"range_type":454,"version_start":462,"version_start_type":433,"version_end":463,"version_end_type":435,"fixed_in":9},"gte6.13_lt6.13.5","6.13","6.13.5",{"version":465,"is_range":111,"range_type":454,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.14:rc1",{"version":467,"is_range":111,"range_type":454,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.14:rc2",{"version":469,"is_range":111,"range_type":454,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.14:rc3"]