CVE-2025-68788
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: do not generate ACCESS/MODIFY events on child for special files
inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev).
Users with no read access to a file but with read access to its parent directory can still stat the file and see if it was accessed/modified via atime/mtime change.
The same is not true for special files (e.g. /dev/null). Users will not generally observe atime/mtime changes when other users read/write to special files, only when someone sets atime/mtime via utimensat().
Align fsnotify events with this stat behavior and do not generate ACCESS/MODIFY events to parent watchers on read/write of special files. The events are still generated to parent watchers on utimensat(). This closes some side-channels that could be possibly used for information exfiltration [1].
[1] https://snee.la/pdf/pubs/file-notification-attacks.pdf
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < df2711544b050aba703e6da418c53c7dc5d443ca | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < 859bdf438f01d9aa7f84b09c1202d548c7cad9e8 | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < 6a7d7d96eeeab7af2bd01afbb3d9878a11a13d91 | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < e0643d46759db8b84c0504a676043e5e341b6c81 | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < 82f7416bcbd951549e758d15fc1a96a5afc2e900 | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < 7a93edb23bcf07a3aaf8b598edfc2faa8fbcc0b6 | affected |
| Linux | Linux | 72acc854427948efed7a83da27f7dc3239ac9afc < 635bc4def026a24e071436f4f356ea08c0eed6ff | affected |
| Linux | Linux | 2.6.36 | affected |
| Linux | Linux | 0 < 2.6.36 | unaffected |
| Linux | Linux | 5.10.248 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.198 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.160 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.120 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.64 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.3 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/df2711544b050aba703e6da418c53c7dc5d443ca
- https://git.kernel.org/stable/c/859bdf438f01d9aa7f84b09c1202d548c7cad9e8
- https://git.kernel.org/stable/c/6a7d7d96eeeab7af2bd01afbb3d9878a11a13d91
- https://git.kernel.org/stable/c/e0643d46759db8b84c0504a676043e5e341b6c81
- https://git.kernel.org/stable/c/82f7416bcbd951549e758d15fc1a96a5afc2e900
- https://git.kernel.org/stable/c/7a93edb23bcf07a3aaf8b598edfc2faa8fbcc0b6
- https://git.kernel.org/stable/c/635bc4def026a24e071436f4f356ea08c0eed6ff
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.