References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

... or we risk stealing final mntput from sync umount - raising mnt_count
after umount(2) has verified that victim is not busy, but before it
has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see
that it's safe to quietly undo mnt_count increment and leaves dropping
the reference to caller, where it'll be a full-blown mntput().

Check under

https://git.kernel.org/stable/c/250cf3693060a5f803c5f1ddc082bb06b16112a9

https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40

https://git.kernel.org/stable/c/8cafd7266fa02e0863bacbf872fe635c0b9725eb

https://git.kernel.org/stable/c/9b0915e72b3cf52474dcee0b24a2f99d93e604a3

https://git.kernel.org/stable/c/b55996939c71a3e1a38f3cdc6a8859797efc9083

https://git.kernel.org/stable/c/b89eb56a378b7b2c1176787fc228d0a57172bdd5

https://git.kernel.org/stable/c/d8ece4ced3b051e656c77180df2e69e19e24edc1

https://git.kernel.org/stable/c/f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42