CVE-2024-43891 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have format file honor EVENT_FILE_FL_FREED
When eventfs was introduced special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would have a ref count that is set when the file is created and would be decremented and freed after the last user that opened the file closed it. When the file meta data was to be freed it would set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed and any new references made (like new opens or reads) would fail as it is marked freed. This allowed other meta data to be freed after this flag was set (under the event_mutex).
All the files that were dynamically created in the events directory had a pointer to the file meta data and would call event_release() when the last reference to the user space file was closed. This would be the time that it is safe to free the file meta data.
A shortcut was made for the "format" file. Its i_private would point to the
## Reference
https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9
https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d
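The lifetime scheme the description outlines (a reference count on the file meta data plus a freed flag that makes new opens and reads fail) can be followed in a small user-space model; this is an added example, not kernel code or the upstream patch. All `model_*` names, `MODEL_FL_FREED` and the `-1` return value are hypothetical, and the model is single-threaded, whereas the kernel performs these steps under `event_mutex`.

```c
#include <stdlib.h>

#define MODEL_FL_FREED 0x1u /* stands in for EVENT_FILE_FL_FREED */

/* Hypothetical stand-in for the file meta data. */
struct model_file { unsigned int flags; int ref; }; /* ref: 1 at creation, +1 per open */
int model_frees; /* how many times the meta data was actually freed */

struct model_file *model_create(void) {
    struct model_file *f = calloc(1, sizeof(*f));
    if (f) f->ref = 1;
    return f;
}

void model_put(struct model_file *f) {
    if (--f->ref == 0) { free(f); model_frees++; }
}

/* New opens, and reads through an open handle, fail once marked freed. */
int model_open(struct model_file *f) {
    if (f->flags & MODEL_FL_FREED) return -1;
    f->ref++;
    return 0;
}
int model_read(const struct model_file *f) {
    return (f->flags & MODEL_FL_FREED) ? -1 : 0;
}

/* Removal marks the meta data first, then drops the creation reference. */
void model_remove(struct model_file *f) {
    f->flags |= MODEL_FL_FREED;
    model_put(f);
}

/* Constructed scenario: the event is removed while one opener holds the file. */
int model_scenario(void) {
    struct model_file *f = model_create();
    int ok = 0;
    if (!f) return -1;
    model_frees = 0;
    ok += (model_open(f) == 0);   /* open before removal succeeds */
    model_remove(f);
    ok += (model_frees == 0);     /* the opener's reference keeps it alive */
    ok += (model_read(f) == -1);  /* read through the open handle now fails */
    ok += (model_open(f) == -1);  /* a new open now fails */
    model_put(f);                 /* last close */
    ok += (model_frees == 1);     /* freed exactly once, at the last close */
    return ok;                    /* 5 when every step behaves as described */
}
int main(void) { return model_scenario() == 5 ? 0 : 1; }
```

Any file whose private pointer bypasses this meta data, and so skips the flag check and the reference, falls outside the protection the model shows.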