5.5

CVE-2024-41075

cachefiles: add consistency check for copen/cread

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: add consistency check for copen/cread

This prevents malicious processes from completing random copen/cread
requests and crashing the system. Added checks are listed below:

  * Generic, copen can only complete open requests, and cread can only
    complete read requests.
  * For copen, ondemand_id must not be 0, because this indicates that the
    request has not been read by the daemon.
  * For cread, the object corresponding to fd and req should be the same.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.101
LinuxLinux Kernel Version >= 6.2 < 6.6.42
LinuxLinux Kernel Version >= 6.7 < 6.9.11
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.113
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539
Patch
https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a
Patch
https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a
Patch
https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html