{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42318", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.278Z", "datePublished": "2024-08-17T09:09:31.160Z", "dateUpdated": "2024-11-05T09:40:19.457Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:40:19.457Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/landlock/cred.c"], "versions": [{"version": "385975dca53e", "lessThan": "916c648323fa", "status": "affected", "versionType": "git"}, {"version": "385975dca53e", "lessThan": "0d74fd54db0b", "status": "affected", "versionType": "git"}, {"version": "385975dca53e", "lessThan": "16896914bace", "status": "affected", "versionType": "git"}, {"version": "385975dca53e", "lessThan": "b14cc2cf313b", "status": "affected", "versionType": "git"}, {"version": "385975dca53e", "lessThan": "39705a6c29f8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/landlock/cred.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117"}, {"url": "https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c"}, {"url": "https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49"}, {"url": "https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff"}, {"url": "https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1"}, {"url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/"}, {"url": "https://www.openwall.com/lists/oss-security/2024/08/17/2"}, {"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566"}], "title": "landlock: Don't lose track of restrictions on cred_transfer", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/17/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-17T19:02:26.874Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:09:35.795087Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:26.227Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/17/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-17T19:02:26.874Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:09:35.795087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.367Z"}}], "cna": {"title": "landlock: Don't lose track of restrictions on cred_transfer", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "385975dca53e", "lessThan": "916c648323fa", "versionType": "git"}, {"status": "affected", "version": "385975dca53e", "lessThan": "0d74fd54db0b", "versionType": "git"}, {"status": "affected", "version": "385975dca53e", "lessThan": "16896914bace", "versionType": "git"}, {"status": "affected", "version": "385975dca53e", "lessThan": "b14cc2cf313b", "versionType": "git"}, {"status": "affected", "version": "385975dca53e", "lessThan": "39705a6c29f8", "versionType": "git"}], "programFiles": ["security/landlock/cred.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["security/landlock/cred.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117"}, {"url": "https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c"}, {"url": "https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49"}, {"url": "https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff"}, {"url": "https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1"}, {"url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/"}, {"url": "https://www.openwall.com/lists/oss-security/2024/08/17/2"}, {"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:40:19.457Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42318", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:40:19.457Z", "dateReserved": "2024-07-30T07:40:12.278Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:09:31.160Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: landlock: no pierda de vista las restricciones en cred_transfer Cuando se reemplaza la estructura cred de un proceso, esto _almost_ always invoca el gancho LSM cred_prepare; pero en un caso especial (cuando KEYCTL_SESSION_TO_PARENT actualiza las credenciales de los padres), se utiliza el gancho LSM cred_transfer. Landlock solo implementa el gancho cred_prepare, no cred_transfer, por lo que KEYCTL_SESSION_TO_PARENT hace que se pierda toda la informaci\u00f3n sobre las restricciones de Landlock. B\u00e1sicamente, esto significa que un proceso con la capacidad de utilizar las llamadas al sistema fork() y keyctl() puede deshacerse de todas las restricciones de Landlock sobre s\u00ed mismo. Solucionelo agregando un gancho cred_transfer que haga lo mismo que el gancho cred_prepare existente. (Se implementa haciendo que hook_cred_prepare() llame a hook_cred_transfer() para que sea menos probable que las dos funciones diverjan accidentalmente en el futuro)."}], "id": "CVE-2024-42318", "lastModified": "2024-08-19T12:59:59.177", "metrics": {}, "published": "2024-08-17T09:15:11.700", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://www.openwall.com/lists/oss-security/2024/08/17/2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: landlock: Don't lose track of restrictions on cred_transfer", "id": "2305463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305463"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlandlock: Don't lose track of restrictions on cred_transfer\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", "A vulnerability was found in the Linux kernel's `axi_chan_handle_err` function, which caused a kernel panic due to NULL pointer dereferencing. This issue has been fixed. The update protects the `vd` variable to prevent such crashes. The `axi_chan_block_xfer_complete` function was used as a reference for this improvement, enhancing system stability during exceptional cases."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42318", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42318\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42318\nhttps://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}