{"timestamp":"2024-12-11T14:22:39.197739Z","id":"CVE-2024-53143","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/notify/mark.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d2f277e26f521ccf6fb438463b41dba6123caabe","lessThan":"45a8f8232a495221ed058191629f5c628f21601a","versionType":"git","status":"affected"},{"version":"d2f277e26f521ccf6fb438463b41dba6123caabe","lessThan":"83af1cfa10d9aafdabd06b3655e07727f373b434","versionType":"git","status":"affected"},{"version":"d2f277e26f521ccf6fb438463b41dba6123caabe","lessThan":"21d1b618b6b9da46c5116c640ac4b1cc8d40d63a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/notify/mark.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.11.11","lessThanOrEqual":"6.11.*","versionType":"semver","status":"unaffected"},{"version":"6.12.2","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12 up to (excluding) 6.12.2
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.10 up to (excluding) 6.11.11

kernel.org: https://git.kernel.org/stable/c/21d1b618b6b9da46c5116c640ac4b1cc8d40d63a Types: Patch

kernel.org: https://git.kernel.org/stable/c/45a8f8232a495221ed058191629f5c628f21601a Types: Patch

kernel.org: https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434 Types: Patch

kernel.org: https://project-zero.issues.chromium.org/issues/379667898 Types: Patch

https://project-zero.issues.chromium.org/issues/379667898

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: Fix ordering of iput() and watched_objects decrement

Ensure the superblock is kept alive until we're done with iput().
Holding a reference to an inode is not allowed unless we ensure the
superblock stays alive, which fsnotify does by keeping the
watched_objects count elevated, so iput() must happen before the
watched_objects decrement.
This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the
UAF is hard to hit because race orderings that oops are more likely, thanks
to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().

Also, ensure that fsnotify_put_sb_watched_objects() doesn't call
fsnotify_sb_watched_objects() on a superblock that may have already been
freed, which would cause a UAF read of sb->s_fsnotify_info.

https://git.kernel.org/stable/c/21d1b618b6b9da46c5116c640ac4b1cc8d40d63a

https://git.kernel.org/stable/c/45a8f8232a495221ed058191629f5c628f21601a

https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434