CVE-2024-38580
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
epoll: be better about file lifetimes
epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless.
Make sure we have a valid ref on the file pointer before we call down to vfs_poll() from the epoll routines.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 559214eb4e5c3d05e69428af2fae2691ba1eb784 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4f65f4defe4e23659275ce5153541cd4f76ce2d2 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 16e3182f6322575eb7c12e728ad3c7986a189d5d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4efaa5acf0a1d2b5947f98abb3acf8bfd966422b | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.15.161 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.93 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.33 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.12 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e
- https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784
- https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2
- https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d
- https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e
- https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784
- https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2
- https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d
- https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.