Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anon_fd until after copy_to_user() succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but we will put it during colse fd, so this may cause a cache UAF. So grab the cache reference count before fd_install(). In addition, by kernel convention, fd is taken over by the user land after fd_install(), and the kernel should not call close_fd() after that, i.e., it should call fd_install() after everything is ready, thus fd_install() is called after copy_to_user() succeeds. A vulnerability was found in the Linux kernel's cachefiles component, regarding the handling of anonymous file descriptors. This issue occurs when an anonymous fd is exposed to userland before confirming the success of the copy_to_user() operation, which can lead to a use-after-free condition.
CVSS3: 7.8
| OS | Vendor version | Errata |
|---|---|---|
| RHEL 9 | 5.14.0-503.11.1.el9_5 | RHSA-2024:9315 |
| Oracle Linux 9 | 5.14.0-503.11.1.el9_5 | ELSA-2024-9315 |
| Rocky Linux 9 | 5.14.0-503.11.1.el9_5 | RLSA-2024:9315 |
| AlmaLinux 9 | 5.14.0-503.11.1.el9_5 | ALSA-2024:9315 |
| Debian 12 | 6.1.99-1 | DSA-5731-1 |
| Amazon Linux 2023 | 6.1.96-102.177.amzn2023 | ALAS2023-2025-836 |
| Ubuntu 24.04 | 6.8.0-44.44 | USN-6999-1 |
| OS | Original kernel version | State |
|---|---|---|
| RHEL 9 |
5.14.0-70.17.1.el9_0
show all
hide all
5.14.0-70.22.1.el9_0
5.14.0-70.5.1.el9_0
5.14.0-70.13.1.el9_0
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-162.6.1.el9_1
5.14.0-162.12.1.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-284.18.1.el9_2
5.14.0-284.25.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.31.1.el9_4
5.14.0-427.33.1.el9_4
5.14.0-427.35.1.el9_4
5.14.0-427.37.1.el9_4
5.14.0-427.40.1.el9_4
5.14.0-427.42.1.el9_4
|
Will Not Fix |
| Oracle Linux 9 |
5.14.0-70.13.1.0.3.el9_0
show all
hide all
5.14.0-70.17.1.0.1.el9_0
5.14.0-70.22.1.0.1.el9_0
5.14.0-70.26.1.0.1.el9_0
5.14.0-162.6.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-162.23.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.12.1.el9_1
5.14.0-70.30.1.0.1.el9_0
5.14.0-284.18.1.el9_2
5.14.0-284.25.1.el9_2
5.14.0-284.25.1.0.1.el9_2
5.14.0-284.30.0.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.0.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.0.1.el9_3
5.14.0-362.18.0.2.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-362.24.1.0.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-362.24.1.0.2.el9_3
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.31.1.el9_4
5.14.0-427.33.1.el9_4
5.14.0-427.35.1.el9_4
5.14.0-427.37.1.el9_4
5.14.0-427.40.1.el9_4
5.14.0-427.42.1.el9_4
|
Will Not Fix |
| Rocky Linux 9 |
5.14.0-162.6.1.el9_1
show all
hide all
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-70.22.1.el9_0
5.14.0-162.6.1.el9_1.0.1
5.14.0-162.18.1.el9_1
5.14.0-162.12.1.el9_1.0.1
5.14.0-162.12.1.el9_1.0.2
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-362.18.1.el9_3.0.1
5.14.0-427.16.1.el9_4
5.14.0-362.24.1.el9_3.0.1
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.20.1.el9_4.0.1
5.14.0-427.22.1.el9_4
5.14.0-427.31.1.el9_4
5.14.0-427.33.1.el9_4
5.14.0-427.35.1.el9_4
5.14.0-427.37.1.el9_4
5.14.0-427.40.1.el9_4
5.14.0-427.42.1.el9_4
5.14.0-284.11.1.el9_2
5.14.0-427.13.1.el9_4
|
Will Not Fix |
| AlmaLinux 9 |
5.14.0-162.6.1.el9_1
show all
hide all
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-70.17.1.el9_0
5.14.0-70.22.1.el9_0
5.14.0-162.12.1.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-284.18.1.el9_2
5.14.0-70.13.1.el9_0
5.14.0-284.25.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-362.24.2.el9_3
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.31.1.el9_4
5.14.0-427.33.1.el9_4
5.14.0-427.35.1.el9_4
5.14.0-427.37.1.el9_4
5.14.0-427.40.1.el9_4
5.14.0-427.42.1.el9_4
|
Will Not Fix |
| Debian 12 | |
Planned |
| Amazon Linux 2023 | |
Planned |
| Ubuntu 24.04 | |
Planned |