259 matches found
CVE-2024-41057 cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...
CVE-2024-41057
CVE-2024-41057: Linux kernel fix for slab-use-after-free in cachefiles_withdraw_cookie() during FSCACHE withdrawal. The issue could occur when a cache volume is freed while cookie lookups are in flight, leading to UAF on cachefiles_volume. The recommended fix/process order is to call fscache_withd...
CVE-2024-41051 cachefiles: wait for ondemand_object_worker to finish when dropping object
In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is...
CVE-2024-41051
CVE-2024-41051 affects the Linux kernel cachefiles subsystem. When queuing ondemand_object_worker() to reopen an object, cachefiles_object may be freed if the related erofs is unmounted, causing a use-after-free if ondemand_object_worker() runs after object free. The fix requires canceling or wai...
CVE-2024-41050 cachefiles: cyclic allocation of msg_id to avoid reuse
In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hang, as shown below: t1 | t2 | t3...
CVE-2024-41050
CVE-2024-41050 (Linux kernel) affects the cachefiles subsystem, specifically the ondemand path handling of object reopening. The vulnerability arises from cyclic re-use of msg_id after a malicious reopen, which can cause a read request to remain unprocessed and lead to a hang. The root cause is r...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when using the cachefiles_withdraw_cookie function, the fscache_volume may have been released but...
CVE-2024-40935
In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write will always return -EIO, so t...
CVE-2024-40913
A vulnerability was found in the Linux kernel's cachefiles component, regarding the handling of anonymous file descriptors. This issue occurs when an anonymous fd is exposed to userland before confirming the success of the copy_to_user operation, which can lead to a use-after-free condition...
CVE-2024-40900
In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemon_thread1...
CVE-2024-39510
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...
SUSE CVE-2024-40899
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...
SUSE CVE-2024-40900
In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemon_thread1...
SUSE CVE-2024-40913
In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anon_fd until after copy_to_user succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but ...
SUSE CVE-2024-40935
In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write will always return -EIO, so t...
SUSE CVE-2024-39510
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...