CVE-2024-26622

tomoyo: fix UAF write bug in tomoyo_write_control()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tomoyo: fix UAF write bug in tomoyo_write_control()

Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held. Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tomoyo: corrige el error de escritura UAF en tomoyo_write_control() Dado que tomoyo_write_control() actualiza head->write_buf cuando se solicita write() de líneas largas, necesitamos recuperar head->write_buf después head->io_sem se mantiene. De lo contrario, las solicitudes de escritura () simultáneas pueden causar problemas de use-after-free-write y de doble liberación.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-03-04 CVE Published
2024-03-07 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/bd03a3e4c9a9df0c6b007045fa7fc8889111a478	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee	2024-03-06
https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc	2024-03-06
https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824	2024-03-06
https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f	2024-03-06
https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711	2024-03-06
https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815	2024-03-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 5.10.212 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 5.10.212"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 5.15.151 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 5.15.151"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.1.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.6.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.7.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.8"		en		Affected