CVE-2024-35904
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
selinux: avoid dereference of garbage after mount failure
In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer.
While on it drop the never read static variable selinuxfs_mount.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0619f0f5e36f12e100ef294f5980cfe7c93ff23e < 477ed6789eb9f3f4d3568bb977f90c863c12724e | affected |
| Linux | Linux | 0619f0f5e36f12e100ef294f5980cfe7c93ff23e < 68784a5d01b8868ff85a7926676b6729715fff3c | affected |
| Linux | Linux | 0619f0f5e36f12e100ef294f5980cfe7c93ff23e < 37801a36b4d68892ce807264f784d818f8d0d39b | affected |
| Linux | Linux | 4.17 | affected |
| Linux | Linux | 0 < 4.17 | unaffected |
| Linux | Linux | 6.6.26 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.5 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e
- https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c
- https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b
- http://www.openwall.com/lists/oss-security/2024/05/30/2
- http://www.openwall.com/lists/oss-security/2024/05/30/1
References
- https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e
- https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c
- https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.