mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
2.4 KiB
2.4 KiB
CVE-2024-50210
Description
In the Linux kernel, the following vulnerability has been resolved:posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()If get_clock_desc() succeeds, it calls fget() for the clockid's fd,and get the clk->rwsem read lock, so the error path should releasethe lock to make the lock balance and fput the clockid's fd to makethe refcount balance and release the fd related resource.However the below commit left the error path locked behind resulting inunbalanced locking. Check timespec64_valid_strict() beforeget_clock_desc() to fix it, because the "ts" is not changedafter that.[pabeni@redhat.com: fixed commit message typo]
POC
Reference
No PoCs from references.