Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-50010

Disclosure Date: October 21, 2024 •

CVE-2024-50010 CVSS v3 Base Score: 4.7

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

exec: don’t WARN for racy path_noexec check

Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact
of the previous implementation. They used to legitimately check for the
condition, but that got moved up in two commits:
633fb6ac3980 (“exec: move S_ISREG() check earlier”)
0fd338b2d2cd (“exec: move path_noexec() check earlier”)

Instead of being removed said checks are WARN_ON’ed instead, which
has some debug value.

However, the spurious path_noexec check is racy, resulting in
unwarranted warnings should someone race with setting the noexec flag.

One can note there is more to perm-checking whether execve is allowed
and none of the conditions are guaranteed to still hold after they were
tested for.

Additionally this does not validate whether the code path did any perm
checking to begin with — it will pass if the inode happens to be
regular.

Keep the redundant path_noexec() check even though it’s mindless
nonsense checking for guarantee that isn’t given so drop the WARN.

Reword the commentary and do small tidy ups while here.

[brauner: keep redundant path_noexec() check]

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.7 Medium

Impact Score:

3.6

Exploitability Score:

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-50010 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50010)

Miscellaneous

https://git.kernel.org/stable/c/d62ba2a5536df83473a2ac15ab302258e3845251

https://git.kernel.org/stable/c/0d196e7589cefe207d5d41f37a0a28a1fdeeb7c6

https://git.kernel.org/stable/c/b723f96407a0a078cf75970e4dbf16b46d286a61

https://git.kernel.org/stable/c/0bdf77be2330062b3a64f2bec39f62ab874a6796

https://git.kernel.org/stable/c/0d16f53c91111cec914f0811fcc526a2ba77b20d

https://git.kernel.org/stable/c/c9b77438077d5a20c79ead95bcdaf9bd4797baaf

Rapid7

Unknown

CVE-2024-50010

Unknown

Unknown

None

Low

Local

CVE-2024-50010

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-50010

Unknown

Unknown

None

Low

Local

CVE-2024-50010

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification