mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
68 lines
3.5 KiB
JSON
68 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2024-53143",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2024-12-07T07:15:03.780",
|
|
"lastModified": "2024-12-13T14:15:22.443",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: Fix ordering of iput() and watched_objects decrement\n\nEnsure the superblock is kept alive until we're done with iput().\nHolding a reference to an inode is not allowed unless we ensure the\nsuperblock stays alive, which fsnotify does by keeping the\nwatched_objects count elevated, so iput() must happen before the\nwatched_objects decrement.\nThis can lead to a UAF of something like sb->s_fs_info in tmpfs, but the\nUAF is hard to hit because race orderings that oops are more likely, thanks\nto the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().\n\nAlso, ensure that fsnotify_put_sb_watched_objects() doesn't call\nfsnotify_sb_watched_objects() on a superblock that may have already been\nfreed, which would cause a UAF read of sb->s_fsnotify_info."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fsnotify: Arreglar el orden de iput() y el decremento de watching_objects Asegurarse de que el superbloque se mantenga activo hasta que terminemos con iput(). No se permite mantener una referencia a un inodo a menos que aseguremos que el superbloque se mantenga activo, lo que fsnotify hace manteniendo elevado el conteo de watching_objects, por lo que iput() debe ocurrir antes del decremento de watching_objects. Esto puede llevar a un UAF de algo como sb->s_fs_info en tmpfs, pero el UAF es dif\u00edcil de alcanzar porque las \u00f3rdenes de ejecuci\u00f3n que oops son m\u00e1s probables, gracias al bloque CHECK_DATA_CORRUPTION() en generic_shutdown_super(). Adem\u00e1s, aseg\u00farese de que fsnotify_put_sb_watched_objects() no llame a fsnotify_sb_watched_objects() en un superbloque que ya puede haber sido liberado, lo que causar\u00eda una lectura UAF de sb->s_fsnotify_info."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/21d1b618b6b9da46c5116c640ac4b1cc8d40d63a",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/45a8f8232a495221ed058191629f5c628f21601a",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
}
|
|
]
|
|
} |