CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions
In the Linux kernel, the following vulnerability has been resolved:
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path.
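The commit message above describes the Spectre-v1 pattern: an architecturally correct bounds check in the callers does not stop the CPU from executing the `fdt->fd[fd]` load speculatively with an out-of-range `fd`. The following is an added user-space illustration, not kernel code: it re-implements the kernel's generic `array_index_mask_nospec()` / `array_index_nospec()` masking and applies it to a constructed stand-in for `struct fdtable`, mirroring the fetch that the fix clamps in `do_dup2()`.

```c
#include <stddef.h>
#include <limits.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Constructed stand-in for the kernel's struct fdtable (not kernel code). */
struct fdtable {
	unsigned int max_fds;
	void **fd;
};

/* User-space copy of the kernel's generic array_index_mask_nospec():
 * all-ones when index < size, 0 otherwise, computed without a branch that
 * the CPU could mispredict. Like the kernel's version it relies on an
 * arithmetic right shift of a negative long (gcc/clang behaviour). */
static inline unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
#if defined(__GNUC__)
	__asm__ __volatile__("" : "+r"(index)); /* stop the compiler from dropping the mask */
#endif
	return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp index to 0 on any path where index >= size. */
static inline unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
	return index & array_index_mask_nospec(index, size);
}

/* Mirrors the fetch in do_dup2(): the caller has already checked fd against
 * max_fds, so architecturally fd is in range and the clamp is a no-op; on a
 * mispredicted speculative path it forces the load to slot 0 instead of
 * reading fdt->fd[] past its end. */
static void *fetch_fd_entry(struct fdtable *fdt, unsigned int fd)
{
	fd = array_index_nospec(fd, fdt->max_fds);
	return fdt->fd[fd];
}

/* Constructed table: 4 slots, slot 2 holds a dummy "file". */
static int dummy_file;
static void *slots[4] = { NULL, NULL, &dummy_file, NULL };
static struct fdtable table = { 4, slots };

/* Returns the entry for fd 2 from the constructed table (&dummy_file). */
void *demo_fetch_fd2(void)
{
	return fetch_fd_entry(&table, 2);
}
```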
Other sources
Linux Kernel is vulnerable to a denial of service, caused by the failure to protect the fetch of ->fd[fd] in do_dup2() from mispredictions. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-42265?
CVE-2024-42265 has a severity rating that indicates it could potentially lead to a denial of service or compromise of system integrity based on its exploitation.
How do I fix CVE-2024-42265?
To fix CVE-2024-42265, update your Linux kernel to version 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, 6.12.11-1, or the specific patched version provided by your distribution.
What systems are affected by CVE-2024-42265?
CVE-2024-42265 affects specific versions of the Linux kernel, particularly those below version 5.10.226-1 and certain 6.x series versions as listed.
What is the nature of the vulnerability CVE-2024-42265?
CVE-2024-42265 is a flaw in the Linux kernel specifically related to the handling of file descriptors in the do_dup2() function.
Is there a workaround for CVE-2024-42265 if I cannot apply the fix?
While a definitive workaround may not be available, it's generally advised to minimize exposure by implementing strict access controls and monitoring systems for unusual behavior.