CVE-2025-22029 Information

Apr 17, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

exec: fix the racy usage of fs_struct->in_exec

check_unsafe_exec() sets fs->in_exec under cred_guard_mutex then execve() paths clear fs->in_exec lockless. This is fine if exec succeeds but if it fails we have the following race:

T1 sets fs->in_exec = 1 fails drops cred_guard_mutex

T2 sets fs->in_exec = 1

T1 clears fs->in_exec

T2 continues with fs->in_exec == 0

Change fs/exec.c to clear fs->in_exec with cred_guard_mutex held.

Reference

https://git.kernel.org/stable/c/753a620a7f8e134b444f89fe90873234e894e21a https://git.kernel.org/stable/c/a6b5070721503fb6021ebed51c925ffc66b1c5ab https://git.kernel.org/stable/c/af7bb0d2ca459f15cb5ca604dab5d9af103643f0 https://git.kernel.org/stable/c/b519f2e5800fe2391b7545ba6889df795828e885 https://git.kernel.org/stable/c/e2d8e7bd3314485e0b3b08380c659b3d1d67ed6a

Share on: