CVE-2024-35815

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35815
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35815.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35815
Downstream
Related
Published
2024-05-17T13:23:20Z
Modified
2025-10-15T11:49:44.868465Z
Summary
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/aio: Check IOCBAIORW before the struct aio_kiocb conversion

The first kiocbsetcancelfn() argument may point at a struct kiocb that is not embedded inside struct aiokiocb. With the current code, depending on the compiler, the req->kictx read happens either before the IOCBAIORW test or after that test. Move the req->kictx read such that it is guaranteed that the IOCBAIORW test happens first.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
337b543e274fe7a8f47df3c8293cc6686ffa620f
Fixed
10ca82aff58434e122c7c757cf0497c335f993f3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942
Fixed
396dbbc18963648e9d1a4edbb55cfe08fa374d50
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ea1cd64d59f22d6d13f367d62ec6e27b9344695f
Fixed
94eb0293703ced580f05dfbe5a57da5931e9aee2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7b6fa97ec894edd02f64b83e5e72e1aa352f353
Fixed
a71cba07783abc76b547568b6452cd1dd9981410
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
18f614369def2a11a52f569fe0f910b199d13487
Fixed
18d5fc3c16cc317bd0e5f5dabe0660df415cadb7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e7e23fc5d5fe422827c9a43ecb579448f73876c7
Fixed
c01ed748847fe8b810d86efc229b9e6c7fafa01e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1dc7d74fe456944a9b1c57bd776280249f441ac6
Fixed
5c43d0041e3a05c6c41c318b759fff16d2384596
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b820de741ae48ccf50dd95e297889c286ff4f760
Fixed
961ebd120565cb60cebe21cb634fbc456022db4a

Affected versions

v4.*

v4.19.308
v4.19.309
v4.19.310
v4.19.311

v5.*

v5.10.211
v5.10.212
v5.10.213
v5.10.214
v5.15.150
v5.15.151
v5.15.152
v5.15.153
v5.4.270
v5.4.271
v5.4.272
v5.4.273

v6.*

v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.7.10
v6.7.11
v6.7.7
v6.7.8
v6.7.9
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "fs/aio.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18d5fc3c16cc317bd0e5f5dabe0660df415cadb7",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "165589069350849338997817885961941384731",
                    "297580709308519975641587896744498493780",
                    "227555984023614100696935605235153085820",
                    "123781859307729710997529857182005813705",
                    "253902081320620977051508326705377022191",
                    "16519353414836953525084799913400527836",
                    "32176798434136627845177775022680485422",
                    "309913423989991834651830004244172554203",
                    "6210011134214165327645595897988782286",
                    "87828247640311716779402007839934415277"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-35815-0825eaa8"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "fs/aio.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@396dbbc18963648e9d1a4edbb55cfe08fa374d50",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "165589069350849338997817885961941384731",
                    "297580709308519975641587896744498493780",
                    "227555984023614100696935605235153085820",
                    "123781859307729710997529857182005813705",
                    "253902081320620977051508326705377022191",
                    "16519353414836953525084799913400527836",
                    "32176798434136627845177775022680485422",
                    "309913423989991834651830004244172554203",
                    "6210011134214165327645595897988782286",
                    "87828247640311716779402007839934415277"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-35815-1dbcc4ea"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "kiocb_set_cancel_fn",
                "file": "fs/aio.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@396dbbc18963648e9d1a4edbb55cfe08fa374d50",
            "deprecated": false,
            "digest": {
                "length": 452.0,
                "function_hash": "47112707098233641580847855780239622339"
            },
            "id": "CVE-2024-35815-23de48c7"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "fs/aio.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94eb0293703ced580f05dfbe5a57da5931e9aee2",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "165589069350849338997817885961941384731",
                    "297580709308519975641587896744498493780",
                    "227555984023614100696935605235153085820",
                    "123781859307729710997529857182005813705",
                    "253902081320620977051508326705377022191",
                    "16519353414836953525084799913400527836",
                    "32176798434136627845177775022680485422",
                    "309913423989991834651830004244172554203",
                    "6210011134214165327645595897988782286",
                    "87828247640311716779402007839934415277"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-35815-24d7c0b2"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "kiocb_set_cancel_fn",
                "file": "fs/aio.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10ca82aff58434e122c7c757cf0497c335f993f3",
            "deprecated": false,
            "digest": {
                "length": 452.0,
                "function_hash": "47112707098233641580847855780239622339"
            },
            "id": "CVE-2024-35815-8a68d325"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "kiocb_set_cancel_fn",
                "file": "fs/aio.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94eb0293703ced580f05dfbe5a57da5931e9aee2",
            "deprecated": false,
            "digest": {
                "length": 452.0,
                "function_hash": "47112707098233641580847855780239622339"
            },
            "id": "CVE-2024-35815-9cd45e30"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "kiocb_set_cancel_fn",
                "file": "fs/aio.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18d5fc3c16cc317bd0e5f5dabe0660df415cadb7",
            "deprecated": false,
            "digest": {
                "length": 452.0,
                "function_hash": "47112707098233641580847855780239622339"
            },
            "id": "CVE-2024-35815-bed0ce8a"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "fs/aio.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10ca82aff58434e122c7c757cf0497c335f993f3",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "165589069350849338997817885961941384731",
                    "297580709308519975641587896744498493780",
                    "227555984023614100696935605235153085820",
                    "123781859307729710997529857182005813705",
                    "253902081320620977051508326705377022191",
                    "16519353414836953525084799913400527836",
                    "32176798434136627845177775022680485422",
                    "309913423989991834651830004244172554203",
                    "6210011134214165327645595897988782286",
                    "87828247640311716779402007839934415277"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-35815-eaaf9f4e"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.19.308
Fixed
4.19.312
Type
ECOSYSTEM
Events
Introduced
5.4.270
Fixed
5.4.274
Type
ECOSYSTEM
Events
Introduced
5.10.211
Fixed
5.10.215
Type
ECOSYSTEM
Events
Introduced
5.15.150
Fixed
5.15.154
Type
ECOSYSTEM
Events
Introduced
6.1.80
Fixed
6.1.84
Type
ECOSYSTEM
Events
Introduced
6.6.19
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.7
Fixed
6.7.12