CVE-2024-42312

In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05
https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab
https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4
https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955
https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536
https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a

Configurations

No configuration.

History

No history.

Information

Published : 2024-08-17 09:15

Updated : 2024-08-19 12:59

NVD link : CVE-2024-42312

Mitre link : CVE-2024-42312

CVE.ORG link : CVE-2024-42312

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"id": "CVE-2024-42312", "cveTags": [], "metrics": {}, "published": "2024-08-17T09:15:11.240", "references": [{"url": "https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sysctl: inicializar siempre i_uid/i_gid Inicializar siempre i_uid/i_gid dentro del n\u00facleo sysfs para que set_ownership() pueda omitir su configuraci\u00f3n de forma segura. Commit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: corrija los valores predeterminados de i_uid/i_gid en los inodos /proc/sys.\") agreg\u00f3 valores predeterminados para i_uid/i_gid cuando no se implement\u00f3 set_ownership(). Tambi\u00e9n omiti\u00f3 ajustar net_ctl_set_ownership() para usar los mismos valores predeterminados en caso de que fallara el c\u00e1lculo de un valor mejor."}], "lastModified": "2024-08-19T12:59:59.177", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}