References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://project-zero.issues.chromium.org/issues/379667898

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: Fix ordering of iput() and watched_objects decrement

Ensure the superblock is kept alive until we're done with iput().
Holding a reference to an inode is not allowed unless we ensure the
superblock stays alive, which fsnotify does by keeping the
watched_objects count elevated, so iput() must happen before the
watched_objects decrement.
This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the
UAF is ha

https://git.kernel.org/stable/c/21d1b618b6b9da46c5116c640ac4b1cc8d40d63a

https://git.kernel.org/stable/c/45a8f8232a495221ed058191629f5c628f21601a

https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434