Improper Locking Affecting kernel-doc package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL7-KERNELDOC-8417800
- published 26 Nov 2024
- disclosed 8 Nov 2024
Introduced: 8 Nov 2024
New CVE-2024-50210 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:7 kernel-doc.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-doc package and not the kernel-doc package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource.
However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that.
[pabeni@redhat.com: fixed commit message typo]
References
- https://access.redhat.com/security/cve/CVE-2024-50210
- https://git.kernel.org/stable/c/1ba33b327c3f88a7baee598979d73ab5b44d41cc
- https://git.kernel.org/stable/c/5f063bbf1ee6b01611c016b54e050a41506eb794
- https://git.kernel.org/stable/c/6e62807c7fbb3c758d233018caf94dfea9c65dbd
- https://git.kernel.org/stable/c/a8219446b95a859488feaade674d13f9efacfa32
- https://git.kernel.org/stable/c/b27330128eca25179637c1816d5a72d6cc408c66
- https://git.kernel.org/stable/c/c7fcfdba35abc9f39b83080c2bce398dad13a943
- https://git.kernel.org/stable/c/d005400262ddaf1ca1666bbcd1acf42fe81d57ce
- https://git.kernel.org/stable/c/e56e0ec1b79f5a6272c6e78b36e9d593aa0449af