CVE-2024-53143
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-53143 is a use-after-free (UAF) vulnerability in the Linux kernel's fsnotify subsystem caused by an incorrect ordering of reference drops. A reference to an inode may only be held while its superblock is kept alive, and fsnotify keeps the superblock alive by holding the superblock's watched_objects count elevated. The iput() that releases the inode reference must therefore run before the watched_objects count is decremented. In the affected code the decrement came first, so the superblock could be torn down while the inode reference was still held, and the subsequent iput() could touch freed memory, for example sb->s_fs_info on tmpfs. In addition, fsnotify_put_sb_watched_objects() must not call fsnotify_sb_watched_objects() on a superblock that may already have been freed once the count has been decremented; doing so is a UAF read of sb->s_fsnotify_info.
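The two lifetime rules above, as an added example that is not part of this advisory and not kernel code: a constructed user-space model in which a superblock is torn down as soon as its watched_objects count reaches zero, and iput() on the last inode reference touches the superblock's s_fs_info. The struct layouts, the synchronous teardown, the `alive` flag used to detect a late access safely, and the "counter looked up through sb again after the decrement" shape of the buggy put are all assumptions of the model; the kernel names are borrowed only to keep the mapping readable.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed user-space model (not kernel code) of the two lifetime rules
 * behind this bug. Names mirror the kernel's (iput, s_fs_info,
 * s_fsnotify_info, watched_objects) but the structs and teardown are
 * stand-ins: the kernel frees the superblock outright, so the late accesses
 * flagged below are real use-after-free reads there. Here `alive` lets the
 * model run safely and report which ordering is wrong. */

struct sb_fs_info { long evictions; };             /* tmpfs data behind sb->s_fs_info */
struct sb_fsnotify_info { long watched_objects; }; /* behind sb->s_fsnotify_info */
struct super_block {
    int alive;
    struct sb_fs_info *s_fs_info;
    struct sb_fsnotify_info *s_fsnotify_info;
};
struct inode { struct super_block *i_sb; long i_count; };

/* Teardown runs once nothing watches the superblock any more. */
static void sb_teardown(struct super_block *sb) {
    free(sb->s_fs_info);
    free(sb->s_fsnotify_info);
    sb->s_fs_info = NULL;
    sb->s_fsnotify_info = NULL;
    sb->alive = 0;
}

/* The wake-up uses the counter's address only as a key, never dereferenced. */
static uintptr_t wake_up_key(long *var) { return (uintptr_t)var; }

/* Model of iput(): evicting the last reference touches sb->s_fs_info (tmpfs).
 * Returns 1 when that happens on a torn-down superblock. */
static int model_iput(struct inode *inode) {
    struct super_block *sb = inode->i_sb;
    int uaf = 0;
    if (--inode->i_count == 0) {
        if (sb->alive)
            sb->s_fs_info->evictions++;
        else
            uaf = 1;                 /* kernel: read of freed sb->s_fs_info */
        free(inode);
    }
    return uaf;
}

/* Buggy decrement (assumed pre-fix pattern): the counter is looked up through
 * sb again after the decrement that can trigger teardown. */
static int put_watched_objects_buggy(struct super_block *sb) {
    if (--sb->s_fsnotify_info->watched_objects == 0) {
        sb_teardown(sb);
        if (!sb->alive)
            return 1;                /* kernel: UAF read of sb->s_fsnotify_info */
        (void)wake_up_key(&sb->s_fsnotify_info->watched_objects);
    }
    return 0;
}

/* Fixed decrement: take the counter's address once, before the decrement,
 * and never touch sb afterwards. */
static int put_watched_objects_fixed(struct super_block *sb) {
    long *watched = &sb->s_fsnotify_info->watched_objects;
    if (--*watched == 0) {
        sb_teardown(sb);
        (void)wake_up_key(watched);  /* address only: safe after teardown */
    }
    return 0;
}

/* Buggy release order: drop the watched-objects count, then iput(). */
static int release_inode_ref_buggy(struct inode *inode) {
    int uaf = put_watched_objects_buggy(inode->i_sb);
    return uaf | model_iput(inode);
}

/* Fixed release order: iput() while the count still pins the superblock. */
static int release_inode_ref_fixed(struct inode *inode) {
    struct super_block *sb = inode->i_sb;   /* saved: inode is gone after iput() */
    int uaf = model_iput(inode);
    return uaf | put_watched_objects_fixed(sb);
}

/* Fresh superblock with one watched inode: the watcher holds the only inode
 * reference and the only watched-objects count. Returns 1 if the chosen
 * release order touched torn-down data. */
static int run_release(int use_fixed_order) {
    struct super_block *sb = calloc(1, sizeof *sb);
    struct inode *inode = calloc(1, sizeof *inode);
    sb->alive = 1;
    sb->s_fs_info = calloc(1, sizeof *sb->s_fs_info);
    sb->s_fsnotify_info = calloc(1, sizeof *sb->s_fsnotify_info);
    sb->s_fsnotify_info->watched_objects = 1;
    inode->i_sb = sb;
    inode->i_count = 1;
    int uaf = use_fixed_order ? release_inode_ref_fixed(inode)
                              : release_inode_ref_buggy(inode);
    free(sb);
    return uaf;
}

int main(void) {
    /* exit status 0 only if the buggy order is flagged and the fixed one is not */
    return (run_release(0) == 1 && run_release(1) == 0) ? 0 : 1;
}
```

The point the model makes is that the watched_objects count is the only thing pinning the superblock, so every access that needs the superblock (the inode eviction inside iput(), and the second lookup of the counter) has to complete before the decrement; after it, the only thing still safe to use is a pointer value that is never dereferenced.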
Affected Products
- Linux Kernel
Affected Vendors
- LINUX