Description
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [[email protected]: fixed commit message typo]
References (10)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
1.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-667
Status
published
Products (6)
linux/linux_kernel
5.15.169
linux/linux_kernel
6.1.114
linux/linux_kernel
6.6.58
linux/linux_kernel
6.11.5
linux/linux_kernel
6.12 rc4
linux/linux_kernel
5.10.228 - 5.11
Published
Nov 08, 2024
Tracked Since
Feb 18, 2026