Fix for Unbalanced Locking in pc_clock_settime()
CVE-2024-50210

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 November 2024

What is CVE-2024-50210?

In the Linux kernel, the following vulnerability has been resolved:

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource.

However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that.

[pabeni@redhat.com: fixed commit message typo]

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 29f085345cde24566efb751f39e5d367c381c584

Linux e0c966bd3e31911b57ef76cec4c5796ebd88e512

Linux 673a1c5a2998acbd429d6286e6cad10f17f4f073

References

https://git.kernel.org/stable/c/d005400262ddaf1ca1666bbcd...

https://git.kernel.org/stable/c/a8219446b95a859488feaade6...

https://git.kernel.org/stable/c/c7fcfdba35abc9f39b83080c2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2024
Vulnerability Reserved
Oct 21, 2024

JSON

Linux

What is CVE-2024-50210?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.