CVE-2024-40938 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. [mic: Fix commit message]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc
https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f
https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6
https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11
https://lore.kernel.org/linux-cve-announce/2024071218-CVE-2024-40938-1619@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40938
https://www.cve.org/CVERecord?id=CVE-2024-40938

History

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:25:14.463Z

Updated: 2024-12-19T09:08:33.855Z

Reserved: 2024-07-12T12:17:45.584Z

Link: CVE-2024-40938

Vulnrichment

Updated: 2024-08-02T04:39:55.945Z

NVD

Status : Awaiting Analysis

Published: 2024-07-12T13:15:16.247

Modified: 2024-11-21T09:31:54.610

Link: CVE-2024-40938

Redhat

Severity : Moderate

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-40938 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40938", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.584Z", "datePublished": "2024-07-12T12:25:14.463Z", "dateUpdated": "2024-12-19T09:08:33.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:08:33.855Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory's d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/landlock/fs.c"], "versions": [{"version": "b91c3e4ea756b12b7d992529226edce1cfd854d7", "lessThan": "b6e5e696435832b33e40775f060ef5c95f4fda1f", "status": "affected", "versionType": "git"}, {"version": "b91c3e4ea756b12b7d992529226edce1cfd854d7", "lessThan": "cc30d05b34f9a087a6928d09b131f7b491e9ab11", "status": "affected", "versionType": "git"}, {"version": "b91c3e4ea756b12b7d992529226edce1cfd854d7", "lessThan": "c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6", "status": "affected", "versionType": "git"}, {"version": "b91c3e4ea756b12b7d992529226edce1cfd854d7", "lessThan": "88da52ccd66e65f2e63a6c35c9dff55d448ef4dc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/landlock/fs.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f"}, {"url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11"}, {"url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6"}, {"url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc"}], "title": "landlock: Fix d_parent walk", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.945Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:36.699030Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:26.368Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.945Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:36.699030Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.770Z"}}], "cna": {"title": "landlock: Fix d_parent walk", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b91c3e4ea756", "lessThan": "b6e5e6964358", "versionType": "git"}, {"status": "affected", "version": "b91c3e4ea756", "lessThan": "cc30d05b34f9", "versionType": "git"}, {"status": "affected", "version": "b91c3e4ea756", "lessThan": "c7618c7b0b8c", "versionType": "git"}, {"status": "affected", "version": "b91c3e4ea756", "lessThan": "88da52ccd66e", "versionType": "git"}], "programFiles": ["security/landlock/fs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["security/landlock/fs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f"}, {"url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11"}, {"url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6"}, {"url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory's d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:50.058Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40938", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:26.368Z", "dateReserved": "2024-07-12T12:17:45.584Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:14.463Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory's d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: landlock: Fix d_parent walk WARN_ON_ONCE() en Collect_domain_accesses() se puede activar al intentar vincular un punto de montaje ra\u00edz. Esto no puede funcionar en la pr\u00e1ctica porque este directorio est\u00e1 montado, pero la verificaci\u00f3n de VFS se realiza despu\u00e9s de llamar a security_path_link(). No utilice d_parent del directorio de origen cuando el directorio de origen sea el punto de montaje. [micr\u00f3fono: Arreglar mensaje de confirmaci\u00f3n]"}], "id": "CVE-2024-40938", "lastModified": "2024-11-21T09:31:54.610", "metrics": {}, "published": "2024-07-12T13:15:16.247", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: landlock: Fix d_parent walk", "id": "2297522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297522"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlandlock: Fix d_parent walk\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\nDo not use source directory's d_parent when the source directory is the\nmount point.\n[mic: Fix commit message]", "A vulnerability was found in the Linux kernel's Landlock security module. This issue could trigger a `WARN_ON_ONCE()` when trying to link a root mount point, as the VFS check was incorrectly done after `security_path_link()`. This issue was resolved by fixing the `d_parent` walk in `collect_domain_accesses()`."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40938", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40938\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40938\nhttps://lore.kernel.org/linux-cve-announce/2024071218-CVE-2024-40938-1619@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}