CVE-2024-40935

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue occurs in the Linux kernel when the daemon is processing an open request in ondemand mode and the kernel flags the cache as CACHEFILES DEAD. The cachefiles daemon write() function will always return -EIO, preventing the daemon from passing the copen to the kernel. This triggers a hung task in the kernel process waiting for the copen. Since the DEAD state is irreversible, it can only be exited by closing /dev/cachefiles. To avoid this, all requests are flushed after setting CACHEFILES DEAD in ondemand mode. It is possible to read some cached data before closing the fd of /dev/cachefiles. This fix relies on a patch that adds reference counting to the req; otherwise, it may result in a use-after-free (UAF) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.