- Vulnerability/
- CVE-2024-42318
CVE-2024-42318: landlock: Don't lose track of restrictions on cred_transfer
First published: Sat Aug 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 | |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2566
- https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c
- https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49
- https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1
- https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117
- https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff
- https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
- https://www.openwall.com/lists/oss-security/2024/08/17/2
- https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1
- https://security-tracker.debian.org/tracker/CVE-2024-42318
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318
- https://nvd.nist.gov/vuln/detail/CVE-2024-42318
- https://launchpad.net/bugs/cve/CVE-2024-42318
- https://ubuntu.com/security/CVE-2024-42318
- http://www.openwall.com/lists/oss-security/2024/08/17/2
Frequently Asked Questions
What is the severity of CVE-2024-42318?
CVE-2024-42318 has been classified as a medium severity vulnerability in the Linux kernel.
How do I fix CVE-2024-42318?
To fix CVE-2024-42318, update your Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.11-1, or 6.12.12-1.
Which Linux kernel versions are affected by CVE-2024-42318?
CVE-2024-42318 affects multiple Linux kernel versions prior to the patched releases listed in the fix.
Is CVE-2024-42318 a DoS vulnerability?
CVE-2024-42318 does not directly result in a denial of service, but it can lead to privilege escalation under specific conditions.
What systems are at risk from CVE-2024-42318?
Systems running vulnerable versions of the Linux kernel are at risk from CVE-2024-42318 and should be promptly updated.
- agent/severity
- agent/title
- agent/first-publish-date
- agent/type
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-42318
- collector/nvd-api
- source/NVD
- agent/author
- collector/nvd-cve
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/source
- package-manager/debian