PT-2024-32787 · Linux+5 · Linux Kernel+5

Jann Horn · Published 2024-10-21 · Updated 2025-05-28 · CVE-2024-47740

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue concerns the Linux kernel's F2FS (Flash-Friendly File System) and its handling of atomic write ioctls. The F2FS ioctls for starting and committing atomic writes checked inode_owner_or_capable(), but this did not give Linux Security Modules (LSMs) such as SELinux or Landlock an opportunity to deny write access when the caller's FSUID matched the inode's UID. The gap could be abused in two ways: using F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE to truncate an inode to size 0, or using F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE to revert changes made by another process to a file. The fix requires FMODE_WRITE for these operations.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE


Weakness Enumeration

Related Identifiers

BDU:2025-03386
CVE-2024-47740
DLA-4008-1
DLA-4075-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2522
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7276-1
USN-7277-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7393-1
USN-7401-1
USN-7403-1
USN-7413-1
USN-7468-1
USN-7539-1
USN-7540-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu