CVE-2024-50210
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource.
However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that.
[pabeni@redhat.com: fixed commit message typo]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 29f085345cde24566efb751f39e5d367c381c584 < d005400262ddaf1ca1666bbcd1acf42fe81d57ce | affected |
| Linux | Linux | e0c966bd3e31911b57ef76cec4c5796ebd88e512 < a8219446b95a859488feaade674d13f9efacfa32 | affected |
| Linux | Linux | 673a1c5a2998acbd429d6286e6cad10f17f4f073 < c7fcfdba35abc9f39b83080c2bce398dad13a943 | affected |
| Linux | Linux | c8789fbe2bbf75845e45302cba6ffa44e1884d01 < e56e0ec1b79f5a6272c6e78b36e9d593aa0449af | affected |
| Linux | Linux | 27abbde44b6e71ee3891de13e1a228aa7ce95bfe < 5f063bbf1ee6b01611c016b54e050a41506eb794 | affected |
| Linux | Linux | a3f169e398215e71361774d13bf91a0101283ac2 < 1ba33b327c3f88a7baee598979d73ab5b44d41cc | affected |
| Linux | Linux | 1ff7247101af723731ea42ed565d54fb8f341264 < b27330128eca25179637c1816d5a72d6cc408c66 | affected |
| Linux | Linux | d8794ac20a299b647ba9958f6d657051fc51a540 < 6e62807c7fbb3c758d233018caf94dfea9c65dbd | affected |
| Linux | Linux | 5.10.228 < 5.10.229 | affected |
| Linux | Linux | 5.15.169 < 5.15.170 | affected |
| Linux | Linux | 6.1.114 < 6.1.115 | affected |
| Linux | Linux | 6.6.58 < 6.6.59 | affected |
| Linux | Linux | 6.11.5 < 6.11.6 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
References
- https://git.kernel.org/stable/c/d005400262ddaf1ca1666bbcd1acf42fe81d57ce
- https://git.kernel.org/stable/c/a8219446b95a859488feaade674d13f9efacfa32
- https://git.kernel.org/stable/c/c7fcfdba35abc9f39b83080c2bce398dad13a943
- https://git.kernel.org/stable/c/e56e0ec1b79f5a6272c6e78b36e9d593aa0449af
- https://git.kernel.org/stable/c/5f063bbf1ee6b01611c016b54e050a41506eb794
- https://git.kernel.org/stable/c/1ba33b327c3f88a7baee598979d73ab5b44d41cc
- https://git.kernel.org/stable/c/b27330128eca25179637c1816d5a72d6cc408c66
- https://git.kernel.org/stable/c/6e62807c7fbb3c758d233018caf94dfea9c65dbd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.