PT-2024-34046 · Linux+6 · Linux Kernel+6
Published: 2024-10-18 · Updated: 2025-10-31 · CVE-2024-50210
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue is unbalanced locking in the pc_clock_settime() function. When get_clock_desc() succeeds, it calls fget() on the clockid's fd and takes the clk->rwsem read lock. The error path must therefore release the lock to keep locking balanced, and fput the clockid's fd to keep the refcount balanced and release the fd-related resources. The problem was introduced by a commit that left the error path behind with the lock still held, resulting in unbalanced locking. The fix is to check timespec64_valid_strict() before get_clock_desc(), since "ts" is not changed after that.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting access to the pc_clock_settime() function until a patch is available. Additionally, ensure that the timespec64_valid_strict() check is performed before calling get_clock_desc() to prevent unbalanced locking.
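The ordering problem from the description, as an added userspace model (not kernel code and not the upstream patch). Every `model_*`, `settime_*` and `outstanding_after` name is hypothetical, the counters stand in for the fd refcount and the clk->rwsem read lock, and the validity check is a simplified stand-in for timespec64_valid_strict().

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed model: counters replace the fd refcount and clk->rwsem readers. */
struct model_clock { int fd_refs; int rwsem_readers; };
struct model_ts { long long tv_sec; long tv_nsec; };

/* Simplified stand-in for timespec64_valid_strict(). */
static bool model_ts_valid(const struct model_ts *ts)
{
    return ts->tv_sec >= 0 && ts->tv_nsec >= 0 && ts->tv_nsec < 1000000000L;
}

/* Success path of get_clock_desc(): take the fd reference and the read lock. */
static int model_get_desc(struct model_clock *c) { c->fd_refs++; c->rwsem_readers++; return 0; }

/* Matching release: drop the read lock, then fput the fd. */
static void model_put_desc(struct model_clock *c) { c->rwsem_readers--; c->fd_refs--; }

/* Before: validation runs after acquisition and its error path returns early. */
int settime_unbalanced(struct model_clock *c, const struct model_ts *ts)
{
    if (model_get_desc(c))
        return -ENODEV;
    if (!model_ts_valid(ts))
        return -EINVAL;          /* lock and fd reference stay held */
    model_put_desc(c);
    return 0;
}

/* After: "ts" is validated first, so the early return holds nothing. */
int settime_balanced(struct model_clock *c, const struct model_ts *ts)
{
    if (!model_ts_valid(ts))
        return -EINVAL;
    if (model_get_desc(c))
        return -ENODEV;
    model_put_desc(c);
    return 0;
}

/* References plus readers still held after `calls` attempts with this tv_nsec. */
int outstanding_after(bool fixed, long tv_nsec, int calls)
{
    struct model_clock c = {0, 0};
    struct model_ts ts = {0, tv_nsec};
    int (*fn)(struct model_clock *, const struct model_ts *) =
        fixed ? settime_balanced : settime_unbalanced;
    for (int i = 0; i < calls; i++)
        fn(&c, &ts);
    return c.fd_refs + c.rwsem_readers;
}
```

Each rejected timespec leaves one fd reference and one read-lock hold outstanding in the "before" ordering, and none in the "after" ordering.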
Weakness Enumeration:
Improper Locking
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu