PT-2024-35607 · Linux+2 · Linux Kernel+2
Jann Horn
·
Published
2024-11-18
·
Updated
2025-02-28
·
CVE-2024-53143
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue involves the order of operations in fsnotify, specifically the ordering of
iput() and the decrement of watched objects. This can lead to a Use-After-Free (UAF) of something like sb->s fs info in tmpfs. However, the UAF is hard to hit due to race orderings that are more likely to cause other issues. The fsnotify put sb watched objects() function should not call fsnotify sb watched objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s fsnotify info.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu