← Back to CVEs
CVE-2024-26622
HIGH7.8
Description
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/4/2024
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
linux:linux_kernel
Weaknesses (CWE)
CWE-416
References
https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.