5.5

CVE-2024-50210

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

In the Linux kernel, the following vulnerability has been resolved:

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

If get_clock_desc() succeeds, it calls fget() for the clockid's fd,
and get the clk->rwsem read lock, so the error path should release
the lock to make the lock balance and fput the clockid's fd to make
the refcount balance and release the fd related resource.

However the below commit left the error path locked behind resulting in
unbalanced locking. Check timespec64_valid_strict() before
get_clock_desc() to fix it, because the "ts" is not changed
after that.

[pabeni@redhat.com: fixed commit message typo]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.228 < 5.11
LinuxLinux Kernel Version5.15.169
LinuxLinux Kernel Version6.1.114
LinuxLinux Kernel Version6.6.58
LinuxLinux Kernel Version6.11.5
LinuxLinux Kernel Version6.12 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.068
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/1ba33b327c3f88a7baee598979d73ab5b44d41cc
Patch
https://git.kernel.org/stable/c/5f063bbf1ee6b01611c016b54e050a41506eb794
Patch
https://git.kernel.org/stable/c/6e62807c7fbb3c758d233018caf94dfea9c65dbd
Patch
https://git.kernel.org/stable/c/a8219446b95a859488feaade674d13f9efacfa32
Patch
https://git.kernel.org/stable/c/b27330128eca25179637c1816d5a72d6cc408c66
Patch
https://git.kernel.org/stable/c/c7fcfdba35abc9f39b83080c2bce398dad13a943
Patch
https://git.kernel.org/stable/c/d005400262ddaf1ca1666bbcd1acf42fe81d57ce
Patch
https://git.kernel.org/stable/c/e56e0ec1b79f5a6272c6e78b36e9d593aa0449af
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html