CVE-2024-40938

landlock: Fix d_parent walk

Description

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. [mic: Fix commit message]

N/A

CVSS

Severity:

EPSS 0.11%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f
https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11
https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6
https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc

Frequently Asked Questions

What is the severity of CVE-2024-40938?: CVE-2024-40938 has not yet been assigned a CVSS score.
How to fix CVE-2024-40938?: To fix CVE-2024-40938, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40938 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-40938 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40938?: CVE-2024-40938 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.