Bug 2297497 (CVE-2024-40913)
| Summary: | CVE-2024-40913 kernel: cachefiles: defer exposing anon_fd until after copy_to_user() succeeds | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the Linux kernel's cachefiles component, regarding the handling of anonymous file descriptors. This issue occurs when an anonymous fd is exposed to userland before confirming the success of the copy_to_user() operation, which can lead to a use-after-free condition.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2024-07-12 13:30:53 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315 |