LiveActive security incident?Get immediate response
CVE Record

CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-41005 is a Linux kernel race condition in netpoll, a low-level networking path. The public record says the bug was detected by KCSAN and fixed by using an atomic read. Business urgency depends on kernel exposure and vendor package status; no severity score or active exploitation evidence is provided.

Executive priority

Treat this as a patch-management item until vendor severity is clarified. It deserves tracking because it is kernel-level, but the current public evidence does not support emergency response without affected high-risk assets or vendor escalation.

Technical view

The race is between net_rx_action and netpoll_send_skb over napi->poll_owner. netpoll_owner_active checked the current CPU ownership non-atomically while the field could change. Stable Linux fixes update that ownership check to use an atomic read across multiple supported kernel branches.

Likely exposure

Exposure is limited to Linux systems running affected kernel versions or downstream products that include affected kernels. The bundle lists Linux as affected and references Debian LTS and Siemens advisories, but it does not provide product-specific impact details or a CVSS score.

Exploitation context

The provided sources show a concurrency bug found by KCSAN and corrected in Linux stable commits. The CVE is not marked KEV, and the bundle contains no evidence of public exploitation, weaponization, or attacker prerequisites.

Researcher notes

The key evidence is the KCSAN data race involving napi->poll_owner and the stable fix changing netpoll_owner_active to use atomic_read. The source bundle lacks CVSS, CWE, exploitability details, and downstream product specifics, so conclusions should stay conservative.

Mitigation direction

  • Map production systems to their exact Linux kernel versions.
  • Apply vendor kernel updates that include the referenced stable fixes.
  • Review Debian LTS and Siemens advisories if those platforms are in scope.
  • Check kernel.org stable commits for branch-specific fixed versions.
  • Prioritize internet-facing and high-availability Linux systems for patch scheduling.

Validation and detection

  • Confirm each host is outside the affected kernel ranges listed in the CVE record.
  • Verify installed vendor kernel packages include the stable netpoll fix.
  • Review change records for systems using netpoll-related networking paths.
  • Track advisories from Linux distributors and embedded vendors in your environment.
  • Document exceptions where vendor guidance is unavailable or pending.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-41005 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
11Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux89c4b442b78bdba388337cc746fe63caba85f46c, 89c4b442b78bdba388337cc746fe63caba85f46c, 89c4b442b78bdba388337cc746fe63caba85f46c, 89c4b442b78bdba388337cc746fe63caba85f46c, 89c4b442b78bdba388337cc746fe63caba85f46c, 89c4b442b78bdba388337cc746fe63caba85f46cunaffected
LinuxLinux4.10, 0, 5.10.221, 5.15.162, 6.1.96, 6.6.36, 6.9.7, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.