In the Linux kernel, the following vulnerability has been resolved:
fsnotify: Fix ordering of iput() and watched_objects decrement
Ensure the superblock is kept alive until we're done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().
Also, ensure that fsnotify_put_sb_watched_objects() doesn't call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.
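
The ordering rule described above, as an added single-threaded userspace model; it is not kernel code and not part of the original advisory or patch. All `model_*` and `drop_*` names are hypothetical, the `freed` flag stands in for superblock teardown so no memory is actually released, and the model assumes the worst-case interleaving in which unmount proceeds the moment the count reaches zero.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>

struct model_sb {
    long watched_objects; /* stands in for the fsnotify watched_objects count */
    bool freed;           /* set once the modelled unmount has torn the sb down */
    int  stale_accesses;  /* accesses seen after teardown (a UAF in the kernel) */
};
struct model_inode { struct model_sb *sb; };

/* Models iput(): final inode teardown reads superblock state. */
static void model_iput(struct model_inode *inode)
{
    if (inode->sb->freed)
        inode->sb->stale_accesses++;
}

/* Models the count drop, with unmount winning the race as soon as it hits 0. */
static void model_put_watched(struct model_sb *sb)
{
    if (--sb->watched_objects == 0)
        sb->freed = true;
}

/* Ordering before the fix: decrement, then iput(). */
static void drop_before_fix(struct model_inode *inode)
{
    model_put_watched(inode->sb);
    model_iput(inode);
}

/* Ordering after the fix: iput(), then decrement. */
static void drop_after_fix(struct model_inode *inode)
{
    struct model_sb *sb = inode->sb; /* inode is gone after iput() */
    model_iput(inode);
    model_put_watched(sb);
}

/* Runs one ordering on a fresh superblock with a single watched inode. */
static int stale_accesses_for(void (*drop)(struct model_inode *))
{
    struct model_sb sb = { .watched_objects = 1 };
    struct model_inode inode = { .sb = &sb };
    drop(&inode);
    return sb.stale_accesses;
}

int main(void) { return stale_accesses_for(drop_after_fix); }
```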