CVE-2024-40938

Summary

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix d_parent walk

The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link().

Do not use source directory's d_parent when the source directory is the mount point.

[mic: Fix commit message]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb91c3e4ea756b12b7d992529226edce1cfd854d7 < b6e5e696435832b33e40775f060ef5c95f4fda1faffected
LinuxLinuxb91c3e4ea756b12b7d992529226edce1cfd854d7 < cc30d05b34f9a087a6928d09b131f7b491e9ab11affected
LinuxLinuxb91c3e4ea756b12b7d992529226edce1cfd854d7 < c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6affected
LinuxLinuxb91c3e4ea756b12b7d992529226edce1cfd854d7 < 88da52ccd66e65f2e63a6c35c9dff55d448ef4dcaffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.95 <= 6.1.*unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References