CVE-2024-50210

216.73.216.226

· Published 08/11/2024 06:15 · Modified 19/11/2024 16:26

Labels: CVE-2024-50210 2024-11-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 CVE-2024-50210 CWE-667

Essential information

Published: 08/11/2024 06:15
Modified: 19/11/2024 16:26
Author: —
Creator: —
CVSS: 5.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [[email protected]: fixed commit message typo]

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD: View on NVD

Affected products (CPE)

Product	CPE
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel::::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:5.15.169:::::::*`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.1.114:::::::*`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.6.58:::::::*`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.11.5:::::::*`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::`