CVE-2024-41075

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41075

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41075.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41075

Downstream

BELL-CVE-2024-41075

DEBIAN-CVE-2024-41075

DLA-4008-1

OESA-2024-1960

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-41075

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-07-29T15:15:15Z

Modified

2025-10-09T18:05:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: add consistency check for copen/cread

This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below:

Generic, copen can only complete open requests, and cread can only complete read requests.
For copen, ondemand_id must not be 0, because this indicates that the request has not been read by the daemon.
For cread, the object corresponding to fd and req should be the same.

References

Affected packages