CVE-2024-42318

landlock: Don't lose track of restrictions on cred_transfer

Description

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

N/A
CVSS
Severity:
EPSS 0.09%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117
https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c
https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49
https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff
https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1
https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
https://www.openwall.com/lists/oss-security/2024/08/17/2
https://bugs.chromium.org/p/project-zero/issues/detail?id=2566
http://www.openwall.com/lists/oss-security/2024/08/17/2

Frequently Asked Questions

What is the severity of CVE-2024-42318?
CVE-2024-42318 has not yet been assigned a CVSS score.
How to fix CVE-2024-42318?
To fix CVE-2024-42318, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42318 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42318 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42318?
CVE-2024-42318 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.