admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-477xx/CVE-2024-47740.json
cad-safe-bot 3e98f265db Auto-Update: 2024-11-08T17:00:26.454342+00:00
2024-11-08 17:03:28 +00:00

57 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-47740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.103",
"lastModified": "2024-11-08T16:15:27.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Require FMODE_WRITE for atomic write ioctls\n\nThe F2FS ioctls for starting and committing atomic writes check for\ninode_owner_or_capable(), but this does not give LSMs like SELinux or\nLandlock an opportunity to deny the write access - if the caller's FSUID\nmatches the inode's UID, inode_owner_or_capable() immediately returns true.\n\nThere are scenarios where LSMs want to deny a process the ability to write\nparticular files, even files that the FSUID of the process owns; but this\ncan currently partially be bypassed using atomic write ioctls in two ways:\n\n - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can\n truncate an inode to size 0\n - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert\n changes another process concurrently made to a file\n\nFix it by requiring FMODE_WRITE for these operations, just like for\nF2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these\nioctls when intending to write into the file, that seems unlikely to break\nanything."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: Requerir FMODE_WRITE para ioctls de escritura at\u00f3mica Los ioctls de F2FS para iniciar y confirmar escrituras at\u00f3micas comprueban inode_owner_or_capable(), pero esto no da a los LSM como SELinux o Landlock la oportunidad de denegar el acceso de escritura: si el FSUID del llamador coincide con el UID del inodo, inode_owner_or_capable() devuelve verdadero inmediatamente. Hay escenarios en los que los LSM quieren denegar a un proceso la capacidad de escribir archivos particulares, incluso archivos que el FSUID del proceso posee; pero esto actualmente se puede omitir parcialmente usando ioctls de escritura at\u00f3mica de dos maneras: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE puede truncar un inodo a tama\u00f1o 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE puede revertir los cambios que otro proceso realiz\u00f3 simult\u00e1neamente en un archivo Arr\u00e9glelo requiriendo FMODE_WRITE para estas operaciones, al igual que para F2FS_IOC_MOVE_RANGE. Dado que cualquier llamador leg\u00edtimo solo debe usar estos ioctls cuando tenga la intenci\u00f3n de escribir en el archivo, parece poco probable que eso rompa algo."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/000bab8753ae29a259feb339b99ee759795a48ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32f348ecc149e9ca70a1c424ae8fa9b6919d2713",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3bfac2cabf5333506b263bc0c8497c95302f32d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink