CVE-2024-41075

cachefiles: add consistency check for copen/cread

Description

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: * Generic, copen can only complete open requests, and cread can only complete read requests. * For copen, ondemand_id must not be 0, because this indicates that the request has not been read by the daemon. * For cread, the object corresponding to fd and req should be the same.

N/A
CVSS
Severity:
EPSS 0.12%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a
https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539
https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a
https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f

Frequently Asked Questions

What is the severity of CVE-2024-41075?
CVE-2024-41075 has not yet been assigned a CVSS score.
How to fix CVE-2024-41075?
To fix CVE-2024-41075, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41075 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41075 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41075?
CVE-2024-41075 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.