{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41074", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.631Z", "datePublished": "2024-07-29T14:57:33.976Z", "dateUpdated": "2024-09-11T17:34:00.299Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:57:33.976Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/ondemand.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "703bea37d13e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c32ee78fbc67", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0845c553db11", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4f8703fb3482", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/ondemand.c"], "versions": [{"version": "6.1.101", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.42", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.11", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663"}, {"url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333"}, {"url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60"}, {"url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0"}], "title": "cachefiles: Set object to close if ondemand_id < 0 in copen", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.484Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41074", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:27.454112Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:00.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.484Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41074", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:27.454112Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.106Z"}}], "cna": {"title": "cachefiles: Set object to close if ondemand_id < 0 in copen", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "703bea37d13e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c32ee78fbc67", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0845c553db11", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4f8703fb3482", "versionType": "git"}], "programFiles": ["fs/cachefiles/ondemand.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.101", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.42", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.11", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/cachefiles/ondemand.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663"}, {"url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333"}, {"url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60"}, {"url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:57:33.976Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41074", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:00.299Z", "dateReserved": "2024-07-12T12:17:45.631Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:57:33.976Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: archivos de cach\u00e9: establece el objeto para que se cierre si ondemand_id &lt; 0 en copen. Si se llama maliciosamente a copen en el modo de usuario, puede eliminar la solicitud correspondiente a la identificaci\u00f3n aleatoria. Y es posible que la solicitud a\u00fan no se haya le\u00eddo. Tenga en cuenta que cuando el objeto est\u00e1 configurado para reabrirse, la solicitud de apertura se realizar\u00e1 con el estado a\u00fan reabierto en el caso anterior. Como resultado, la solicitud correspondiente a este objeto siempre se omite en la funci\u00f3n select_req, por lo que la solicitud de lectura nunca se completa y bloquea otros procesos. Solucione este problema simplemente configurando el objeto para que se cierre si su id &lt;0 en copen."}], "id": "CVE-2024-41074", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:15.097", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: cachefiles: Set object to close if ondemand_id &lt; 0 in copen", "id": "2300451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300451"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncachefiles: Set object to close if ondemand_id < 0 in copen\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\nFix this issue by simply set object to close if its id < 0 in copen.", "A vulnerability was found in the `cachefiles` subsystem in the Linux Kernel involving the `copen` function being misused with an `ondemand_id` less than 0. This could lead to the deletion of a request before it was read, causing the request to be skipped and blocking other processes. The issue was fixed by ensuring that if the `ondemand_id` is less than 0, the object is set to close. This prevents requests from being skipped and ensures proper handling and completion of read requests, maintaining system stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41074", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41074\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41074\nhttps://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41074-e5d9@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.101, kernel 6.6.42, kernel 6.9.11, kernel 6.10"}