PT-2024-29817 · Linux+9 · Linux Kernel+9
Al Viro +1 · Published 2024-03-27 · Updated 2025-10-03 · CVE-2024-42265
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue is in the Linux kernel's do_dup2() function, where a misprediction might lead to speculative execution of tofree = fdt->fd[fd]. This is wrong for the same reasons it is wrong in close_fd()/file_close_fd_locked(). The solution involves using array_index_nospec(fd, fdt->max_fds) to protect against mispredictions. The vulnerability is associated with incorrect input validation in the fs/file component of the Linux kernel, which could allow an attacker to cause a denial of service.
Recommendations
For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable do_dup2() function until a patch is available. Avoid using the fd variable in the affected do_dup2() function until the issue is resolved.
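The clamp that array_index_nospec(fd, fdt->max_fds) applies, shown as an added example: this is a userspace model, not the kernel's code and not from this page. The names index_mask_nospec, index_nospec, struct fdtable_model and lookup_fd are hypothetical, and the mask formula follows the kernel's generic C fallback. The kernel additionally hides the index from the compiler's optimizer, which this model omits.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* All ones when index < size, zero otherwise, computed without a branch so
 * there is nothing for the CPU to mispredict. Valid for size <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Assumes arithmetic right shift of a negative long (GCC, Clang). */
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Clamp index into [0, size): in-range values pass through, others become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Constructed stand-in for the fd table: only the two fields the page names. */
struct fdtable_model {
    unsigned int max_fds;
    const char **fd;
};

/* Lookup shaped like the fixed path: bounds check, clamp, then load. */
static const char *lookup_fd(const struct fdtable_model *fdt, unsigned int fd)
{
    if (fd >= fdt->max_fds)
        return NULL;                                   /* architectural check */
    fd = (unsigned int)index_nospec(fd, fdt->max_fds); /* holds under misprediction */
    return fdt->fd[fd];
}

int main(void)
{
    const char *slots[4] = { "stdin", "stdout", "stderr", "log" };
    struct fdtable_model fdt = { 4, slots };
    unsigned int probes[] = { 0, 3, 4, 4096 };         /* constructed inputs */

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("fd=%u clamped=%lu\n", probes[i],
               index_nospec(probes[i], fdt.max_fds));
    return lookup_fd(&fdt, 3) ? 0 : 1;
}
```

Because the clamp is a data dependency rather than a branch, an out-of-range fd reaches the load as index 0 even when the preceding bounds check is mispredicted.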
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu