CVE-2024-26622

Summary

In the Linux kernel, the following vulnerability has been resolved:

tomoyo: fix UAF write bug in tomoyo_write_control()

Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < a23ac1788e2c828c097119e9a3178f0b7e503feeaffected
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < 7d930a4da17958f869ef679ee0e4a8729337affcaffected
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < 3bfe04c1273d30b866f4c7c238331ed3b08e5824affected
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < 2caa605079488da9601099fbda460cfc1702839faffected
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < 6edefe1b6c29a9932f558a898968a9fcbeec5711affected
LinuxLinuxbd03a3e4c9a9df0c6b007045fa7fc8889111a478 < 2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815affected
LinuxLinux3.1affected
LinuxLinux0 < 3.1unaffected
LinuxLinux5.10.212 <= 5.10.*unaffected
LinuxLinux5.15.151 <= 5.15.*unaffected
LinuxLinux6.1.81 <= 6.1.*unaffected
LinuxLinux6.6.21 <= 6.6.*unaffected
LinuxLinux6.7.9 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References