CVE-2024-50210

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

If get_clock_desc() succeeds, it calls fget() for the clockid's fd,
and get the clk->rwsem read lock, so the error path should release
the lock to make the lock balance and fput the clockid's fd to make
the refcount balance and release the fd related resource.

However the below commit left the error path locked behind resulting in
unbalanced locking. Check timespec64_valid_strict() before
get_clock_desc() to fix it, because the "ts" is not changed
after that.

[pabeni@redhat.com: fixed commit message typo]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-08 CVE Published
2024-11-08 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01	Vuln. Introduced
https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe	Vuln. Introduced
https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2	Vuln. Introduced
https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264	Vuln. Introduced
https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540	Vuln. Introduced
https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e56e0ec1b79f5a6272c6e78b36e9d593aa0449af	2024-11-01
https://git.kernel.org/stable/c/5f063bbf1ee6b01611c016b54e050a41506eb794	2024-11-01
https://git.kernel.org/stable/c/1ba33b327c3f88a7baee598979d73ab5b44d41cc	2024-11-01
https://git.kernel.org/stable/c/b27330128eca25179637c1816d5a72d6cc408c66	2024-11-01
https://git.kernel.org/stable/c/6e62807c7fbb3c758d233018caf94dfea9c65dbd	2024-10-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.169 < 5.15.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.169 < 5.15.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.114 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.114 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.58 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.58 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11.5 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.5 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12-rc4 < 6.12-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12-rc4 < 6.12-rc5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.228 Search vendor "Linux" for product "Linux Kernel" and version "5.10.228"		en		Affected