CVE-2024-50210 Vulnerability Details

  /     /     /  

CVE-2024-50210 Metadata Quick Info

CVE Published: 08/11/2024 | CVE Updated: 19/11/2024 | CVE Year: 2024
Source: Linux | Vendor: Linux | Product: Linux
Status : PUBLISHED

---

CVE-2024-50210 Description

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid\'s fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid\'s fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [pabeni@redhat.com: fixed commit message typo]

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: Linux

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).