CVE-2024-35815
MEDIUMLinux Kernel Use-After-Free in AIO Request Cancellation
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first.
References (11)
Core 11
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (25)
debian/debian_linux
10.0
linux/Kernel
4.19.308 - 4.19.312linux
linux/Kernel
5.10.211 - 5.10.215linux
linux/Kernel
5.15.150 - 5.15.154linux
linux/Kernel
5.4.270 - 5.4.274linux
linux/Kernel
6.1.80 - 6.1.84linux
linux/Kernel
6.6.19 - 6.6.24linux
linux/Kernel
6.7.7 - 6.7.12linux
Linux/Linux
18f614369def2a11a52f569fe0f910b199d13487 - 18d5fc3c16cc317bd0e5f5dabe0660df415cadb7
Linux/Linux
1dc7d74fe456944a9b1c57bd776280249f441ac6 - 5c43d0041e3a05c6c41c318b759fff16d2384596
... and 15 more
Published
May 17, 2024
Tracked Since
Feb 18, 2026