[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-40947":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2024-40947","In the Linux kernel, the following vulnerability has been resolved:  ima: Avoid blocking in RCU read-side critical section  A panic happens in ima_match_policy:  BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Comm: kubeletmonit.sh Kdump: loaded Tainted: P Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),                BIOS 0.0.0 02/06/2015 RIP: 0010:ima_match_policy+0x84/0x450 Code: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39       7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d       f2 b9 f4 00 0f 84 9c 01 00 00 \u003C44> 85 73 10 74 ea       44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f RSP: 0018:ff71570009e07a80 EFLAGS: 00010207 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200 RDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739 R10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970 R13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001 FS:  00007f5195b51740(0000) GS:ff3e278b12d40000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:  ima_get_action+0x22/0x30  process_measurement+0xb0/0x830  ? 
page_add_file_rmap+0x15/0x170  ? alloc_set_pte+0x269/0x4c0  ? prep_new_page+0x81/0x140  ? simple_xattr_get+0x75/0xa0  ? selinux_file_open+0x9d/0xf0  ima_file_check+0x64/0x90  path_openat+0x571/0x1720  do_filp_open+0x9b/0x110  ? page_counter_try_charge+0x57/0xc0  ? files_cgroup_alloc_fd+0x38/0x60  ? __alloc_fd+0xd4/0x250  ? do_sys_open+0x1bd/0x250  do_sys_open+0x1bd/0x250  do_syscall_64+0x5d/0x1d0  entry_SYSCALL_64_after_hwframe+0x65/0xca  Commit c7423dbdbc9e (\"ima: Handle -ESTALE returned by ima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a RCU read-side critical section which contains kmalloc with GFP_KERNEL. This implies a possible sleep and violates limitations of RCU read-side critical sections on non-PREEMPT systems.  Sleeping within RCU read-side critical section might cause synchronize_rcu() returning early and break RCU protection, allowing a UAF to happen.  The root cause of this issue could be described as follows: |\tThread A\t|\tThread B\t| |\t\t\t|ima_match_policy\t| |\t\t\t|  rcu_read_lock\t| |ima_lsm_update_rule\t|\t\t\t| |  synchronize_rcu\t|\t\t\t| |\t\t\t|    kmalloc(GFP_KERNEL)| |\t\t\t|      sleep\t\t| ==> synchronize_rcu returns early |  kfree(entry)\t\t|\t\t\t| |\t\t\t|    entry = entry->next| ==> UAF happens and entry now becomes NULL (or could be anything). |\t\t\t|    entry->action\t| ==> Accessing entry might cause panic.  To fix this issue, we are converting all kmalloc that is called within RCU read-side critical section to use GFP_ATOMIC.  
[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]",null,[],[],[],[14],{"_key":15},"CVE-2024-40947",[17,19,21],{"_key":18},"DLA-4008-1",{"_key":20},"DSA-5731-1",{"_key":22},"DSA-5747-1",[],[],"2024-07-12T13:15:17.073Z","2026-04-28T20:28:16.521877Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2024-40947",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[46,65],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_223_1",true,"ecosystem","5.10.223-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_99_1","6.1.99-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_9_7_1","6.9.7-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},{"ecosystem":47,"name":66,"vendor":49,"product":66,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":66,"source":9,"versions":67},"linux-6.1",[68],{"version":69,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":57,"fixed_in":9},"lt6_1_119_1~deb11u1","6.1.119-1~deb11u1"]