CVE-2024-40935

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILESDEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILESDEAD, the cachefilesdaemonwrite will always return -EIO, so t...

CVE-2024-40935 cachefiles: flush all requests after setting CACHEFILES_DEAD

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILESDEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILESDEAD, the cachefilesdaemonwrite will always return -EIO, so t...

CVE-2024-40935

CVE-2024-40935 affects the Linux kernel cachefiles subsystem. In ondemand mode, when the cache is marked as CACHEFILES_DEAD, cachefiles_daemon_write() returns -EIO, preventing the daemon from passing the copen to the kernel and causing a hung_task for the waiting process. The fix requires flushin...

CVE-2024-40935 cachefiles: flush all requests after setting CACHEFILES_DEAD

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILESDEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILESDEAD, the cachefilesdaemonwrite will always return -EIO, so t...

CVE-2024-40913 cachefiles: defer exposing anon_fd until after copy_to_user() succeeds

In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anonfd until after copytouser succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but ...

CVE-2024-40913 cachefiles: defer exposing anon_fd until after copy_to_user() succeeds

In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anonfd until after copytouser succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but ...

CVE-2024-40913

Technical details for CVE-2024-40913 are not provided in the supplied documents. Monitor for updates from vendors/advisories.

CVE-2024-40913 cachefiles: defer exposing anon_fd until after copy_to_user() succeeds

In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anonfd until after copytouser succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but ...

CVE-2024-40900 cachefiles: remove requests from xarray during flushing requests

In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILESDEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemonthread1...

CVE-2024-40900 cachefiles: remove requests from xarray during flushing requests

In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILESDEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemonthread1...

CVE-2024-40900

In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILESDEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemonthread1...

CVE-2024-40900

CVE-2024-40900 affects the Linux kernel cachefiles path: a use-after-free can occur where requests are not removed from cache->reqs during flushing, allowing access to freed REQ objects in a concurrent flush scenario. The described sequence shows a freed req being accessed by cachefiles_ondema...

CVE-2024-40900 cachefiles: remove requests from xarray during flushing requests

In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILESDEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemonthread1...

CVE-2024-40899 cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemandgetfd We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

CVE-2024-40899 cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemandgetfd We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

CVE-2024-40899

CVE-2024-40899 is a Linux kernel vulnerability in the cachefiles subsystem, causing a slab-use-after-free in cachefiles_ondemand_get_fd via a restore-triggered path that can lead to use-after-free in cachefiles_ondemand_daemon_read. The connected documents identify the issue as resolved by a patc...

CVE-2024-39510 cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemanddaemonread We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a post-release reuse issue in the cachefiles component in the cachefilesondemanddaemonread function...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the cachefiles component in the cachefilesondemandgetfd function...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a failure of the cachefiles component to properly delay exposing anonymous file descriptors after a successful copytouser function...