CVE-2024-46801
MEDIUM EPSS 9.1%
Published Sep 18, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Sep 18, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. It needs to ensure to hold rcu lock before it dereference the stashed location to prevent UAF issues. Use rcu_dereference() instead of READ_ONCE() it's effectively equivalent with some lockdep bells and whistles and it communicates clearly that this expects rcu protection.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
9.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 7
References 2
- git.kernel.org https://git.kernel.org/stable/c/03e2a1209a83a380df34a72f7d6d1bc6c74132c7
- git.kernel.org https://git.kernel.org/stable/c/4e32c25b58b945f976435bbe51f39b32d714052e
Remediation
- git.kernel.org https://git.kernel.org/stable/c/03e2a1209a83a380df34a72f7d6d1bc6c74132c7
- git.kernel.org https://git.kernel.org/stable/c/4e32c25b58b945f976435bbe51f39b32d714052e