5.5

CVE-2024-35815

fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

In the Linux kernel, the following vulnerability has been resolved:

fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

The first kiocb_set_cancel_fn() argument may point at a struct kiocb
that is not embedded inside struct aio_kiocb. With the current code,
depending on the compiler, the req->ki_ctx read happens either before
the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such
that it is guaranteed that the IOCB_AIO_RW test happens first.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.308 < 4.19.312
LinuxLinux Kernel Version >= 5.4.270 < 5.4.274
LinuxLinux Kernel Version >= 5.10.211 < 5.10.215
LinuxLinux Kernel Version >= 5.15.150 < 5.15.154
LinuxLinux Kernel Version >= 6.1.80 < 6.1.84
LinuxLinux Kernel Version >= 6.6.19 < 6.6.24
LinuxLinux Kernel Version >= 6.7.7 < 6.7.12
LinuxLinux Kernel Version6.8 Updaterc6
LinuxLinux Kernel Version6.8 Updaterc7
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.157
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3
Patch
https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7
Patch
https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50
Patch
https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596
Patch
https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2
Patch
https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a
Patch
https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410
Patch
https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html