CVE-2024-42318

MEDIUM EPSS 20.6%
Published Aug 17, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 17, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
20.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥5.13  –  <5.15.165
linuxlinux_kernel*≥5.16  –  <6.1.103
linuxlinux_kernel*≥6.2  –  <6.6.44
linuxlinux_kernel*≥6.7  –  <6.10.3

References 10

  • openwall.com http://www.openwall.com/lists/oss-security/2024/08/17/2
    Mailing List
  • bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=2566
    Issue TrackingThird Party Advisory
  • git.kernel.org https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lore.kernel.org https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
    Mailing List
  • openwall.com https://www.openwall.com/lists/oss-security/2024/08/17/2
    Mailing List

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff
    Patch