CVE-2024-47740
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47740
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47740.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47740
- Downstream
- Related
- Published
- 2024-10-21T12:14:09.171Z
- Modified
- 2025-11-28T02:35:08.061976Z
- Summary
- f2fs: Require FMODE_WRITE for atomic write ioctls
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
f2fs: Require FMODE_WRITE for atomic write ioctls
The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inodeownerorcapable() immediately returns true.
There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways:
- F2FSIOCSTARTATOMICREPLACE + F2FSIOCCOMMITATOMICWRITE can truncate an inode to size 0
- F2FSIOCSTARTATOMICWRITE + F2FSIOCABORTATOMICWRITE can revert changes another process concurrently made to a file
Fix it by requiring FMODEWRITE for these operations, just like for F2FSIOCMOVERANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47740.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/000bab8753ae29a259feb339b99ee759795a48ac
- https://git.kernel.org/stable/c/32f348ecc149e9ca70a1c424ae8fa9b6919d2713
- https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d
- https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece
- https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e
- https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731
- https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653
- https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac
- https://git.kernel.org/stable/c/f3bfac2cabf5333506b263bc0c8497c95302f32d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47740.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-47740
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88b88a66797159949cec32eaab12b4968f6fae2dFixed700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653Fixed4ce87674c3a6b4d3b3d45f85b584ab8618a3ceceFixed000bab8753ae29a259feb339b99ee759795a48acFixed88ff021e1fea2d9b40b2d5efd9013c89f7be04acFixed32f348ecc149e9ca70a1c424ae8fa9b6919d2713Fixed5e0de753bfe87768ebe6744d869caa92f35e5731Fixedf3bfac2cabf5333506b263bc0c8497c95302f32dFixed4583290898c13c2c2e5eb8773886d153c2c5121dFixed4f5a100f87f32cb65d4bb1ad282a08c92f6f591e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.18.0Fixed4.19.323
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.285
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.227
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.168
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.113
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.54
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.10.13
- Type
- ECOSYSTEM
- Events
-
Introduced6.11.0Fixed6.11.2