In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [[email protected]: fixed commit message typo]
History

Fri, 22 Nov 2024 14:00:00 +0000


Tue, 19 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.169:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.114:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.58:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Fri, 08 Nov 2024 16:15:00 +0000


Fri, 08 Nov 2024 06:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [[email protected]: fixed commit message typo]
Title posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-11-08T06:08:00.319Z

Updated: 2024-12-19T09:35:30.669Z

Reserved: 2024-10-21T19:36:19.970Z

Link: CVE-2024-50210

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-11-08T06:15:17.350

Modified: 2024-11-19T16:26:34.767

Link: CVE-2024-50210

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-08T00:00:00Z

Links: CVE-2024-50210 - Bugzilla