CVE-2024-46801
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. It needs to ensure to hold rcu lock before it dereference the stashed location to prevent UAF issues. Use rcu_dereference() instead of READ_ONCE() it's effectively equivalent with some lockdep bells and whistles and it communicates clearly that this expects rcu protection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 07fd7c329839cf0b8c7766883d830a1a0d12d1dd < 03e2a1209a83a380df34a72f7d6d1bc6c74132c7 | affected |
| Linux | Linux | 07fd7c329839cf0b8c7766883d830a1a0d12d1dd < 4e32c25b58b945f976435bbe51f39b32d714052e | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.10.10 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/03e2a1209a83a380df34a72f7d6d1bc6c74132c7
- https://git.kernel.org/stable/c/4e32c25b58b945f976435bbe51f39b32d714052e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.