CVE-2024-47740

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47740
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47740.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47740
Downstream
Related
Published
2024-10-21T13:15:04Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: Require FMODE_WRITE for atomic write ioctls

The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inodeownerorcapable() immediately returns true.

There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways:

  • F2FSIOCSTARTATOMICREPLACE + F2FSIOCCOMMITATOMICWRITE can truncate an inode to size 0
  • F2FSIOCSTARTATOMICWRITE + F2FSIOCABORTATOMICWRITE can revert changes another process concurrently made to a file

Fix it by requiring FMODEWRITE for these operations, just like for F2FSIOCMOVERANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything.

References

Affected packages