CVE-2023-54119

In the Linux kernel, the following vulnerability has been resolved:

inotify: Avoid reporting event with invalid wd

When inotify_freeing_mark() races with inotify_handle_inode_event() it
can happen that inotify_handle_inode_event() sees that i_mark->wd got
already reset to -1 and reports this value to userspace which can
confuse the inotify listener. Avoid the problem by validating that wd is
sensible (and pretend the mark got removed before the event got
generated otherwise).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.247-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
References
https://git.kernel.org/stable/c/145f54ea336b06cf4f92eeee996f2ffca939ea43
https://git.kernel.org/stable/c/17ad86d8c12220de97e80d88b5b4c934a40e1812
https://git.kernel.org/stable/c/2d65c97777e5b4a845637800d5d7b648f5772106
https://git.kernel.org/stable/c/8fb33166aed888769ea63d6af49515893f8a1f14
https://git.kernel.org/stable/c/a48bacee05860c6089c3482bcdc80720b0ee5732
https://git.kernel.org/stable/c/c915d8f5918bea7c3962b09b8884ca128bfd9b0c
https://git.kernel.org/stable/c/fb3294998489d39835006240e9c6e6b2ac62022e