Updated: 2024-12-12 01:03:27.126543
Description:
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-08 23:39:55 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-11 02:41:32 | ||
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-10 00:58:49 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-10 22:42:33 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-11 02:41:32 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-10 22:42:31 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-01-11 02:41:32 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-05-28 00:26:02 | ||
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Released | CLSA-2024:1716269479 | 2024-05-21 05:33:29 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2024:1716270851 | 2024-05-21 05:33:09 |