Bug 2425110 (CVE-2023-54119)

Summary: CVE-2023-54119 kernel: inotify: Avoid reporting event with invalid wd
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A race condition was found in the Linux kernel's inotify subsystem. When inotify_freeing_mark() races with inotify_handle_inode_event(), the event handler may read i_mark->wd after it has been reset to -1. This causes an invalid watch descriptor value of -1 to be reported to userspace applications, potentially confusing inotify listeners.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-24 14:03:38 UTC 
In the Linux kernel, the following vulnerability has been resolved:

inotify: Avoid reporting event with invalid wd

When inotify_freeing_mark() races with inotify_handle_inode_event() it
can happen that inotify_handle_inode_event() sees that i_mark->wd got
already reset to -1 and reports this value to userspace which can
confuse the inotify listener. Avoid the problem by validating that wd is
sensible (and pretend the mark got removed before the event got
generated otherwise).
Comment 1 Alexander B 2025-12-25 01:54:04 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122416-CVE-2023-54119-fbd4@gregkh/T