CVE-2024-42265
Description
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-7000.html
Vendor advisory: alma — https://bugzilla.redhat.com/2306365
Vendor advisory: alma — https://bugzilla.redhat.com/2305488
Vendor advisory: alma — https://bugzilla.redhat.com/2305467
Vendor advisory: alma — https://bugzilla.redhat.com/2305410
Vendor advisory: alma — https://bugzilla.redhat.com/2303514
Vendor advisory: alma — https://bugzilla.redhat.com/2303508
Vendor advisory: alma — https://bugzilla.redhat.com/2303506
Vendor advisory: alma — https://bugzilla.redhat.com/2303505
Vendor advisory: alma — https://bugzilla.redhat.com/2303077
Vendor advisory: alma — https://bugzilla.redhat.com/2301544
Vendor advisory: alma — https://bugzilla.redhat.com/2301543
Vendor advisory: alma — https://bugzilla.redhat.com/2301522
Vendor advisory: alma — https://bugzilla.redhat.com/2301519
Vendor advisory: alma — https://bugzilla.redhat.com/2301496
Vendor advisory: alma — https://bugzilla.redhat.com/2301489
Vendor advisory: alma — https://bugzilla.redhat.com/2301477
Vendor advisory: alma — https://bugzilla.redhat.com/2300713
Vendor advisory: alma — https://bugzilla.redhat.com/2300709
Vendor advisory: alma — https://bugzilla.redhat.com/2300552
Vendor advisory: alma — https://bugzilla.redhat.com/2300533
Vendor advisory: alma — https://bugzilla.redhat.com/2300492
Vendor advisory: alma — https://bugzilla.redhat.com/2300453
Vendor advisory: alma — https://bugzilla.redhat.com/2300448
Vendor advisory: alma — https://bugzilla.redhat.com/2300440
Vendor advisory: alma — https://bugzilla.redhat.com/2300439
Vendor advisory: alma — https://bugzilla.redhat.com/2300434
Vendor advisory: alma — https://bugzilla.redhat.com/2300430
Vendor advisory: alma — https://bugzilla.redhat.com/2300429
Vendor advisory: alma — https://bugzilla.redhat.com/2300414
Vendor advisory: alma — https://bugzilla.redhat.com/2300410
Vendor advisory: alma — https://bugzilla.redhat.com/2300409
Vendor advisory: alma — https://bugzilla.redhat.com/2300408
Vendor advisory: alma — https://bugzilla.redhat.com/2300407
Vendor advisory: alma — https://bugzilla.redhat.com/2300402
Vendor advisory: alma — https://bugzilla.redhat.com/2300381
Vendor advisory: alma — https://bugzilla.redhat.com/2300297
Vendor advisory: alma — https://bugzilla.redhat.com/2300296
Vendor advisory: alma — https://bugzilla.redhat.com/2299452
Vendor advisory: alma — https://bugzilla.redhat.com/2299336
Vendor advisory: alma — https://bugzilla.redhat.com/2299240
Vendor advisory: alma — https://bugzilla.redhat.com/2298640
Vendor advisory: alma — https://bugzilla.redhat.com/2298177
Vendor advisory: alma — https://bugzilla.redhat.com/2298140
Vendor advisory: alma — https://bugzilla.redhat.com/2298079
Vendor advisory: alma — https://bugzilla.redhat.com/2297909
Vendor advisory: alma — https://bugzilla.redhat.com/2297706
Vendor advisory: alma — https://bugzilla.redhat.com/2297589
Vendor advisory: alma — https://bugzilla.redhat.com/2297582
Vendor advisory: alma — https://bugzilla.redhat.com/2297581
Vendor advisory: alma — https://bugzilla.redhat.com/2297579
Vendor advisory: alma — https://bugzilla.redhat.com/2297573
Vendor advisory: alma — https://bugzilla.redhat.com/2297572
Vendor advisory: alma — https://bugzilla.redhat.com/2297562
Vendor advisory: alma — https://bugzilla.redhat.com/2297561
Vendor advisory: alma — https://bugzilla.redhat.com/2297556
Vendor advisory: alma — https://bugzilla.redhat.com/2297544
Vendor advisory: alma — https://bugzilla.redhat.com/2297543
Vendor advisory: alma — https://bugzilla.redhat.com/2297542
Vendor advisory: alma — https://bugzilla.redhat.com/2297538
Vendor advisory: alma — https://bugzilla.redhat.com/2297525
Vendor advisory: alma — https://bugzilla.redhat.com/2297515
Vendor advisory: alma — https://bugzilla.redhat.com/2297513
Vendor advisory: alma — https://bugzilla.redhat.com/2297496
Vendor advisory: alma — https://bugzilla.redhat.com/2297495
Vendor advisory: alma — https://bugzilla.redhat.com/2297488
Vendor advisory: alma — https://bugzilla.redhat.com/2297478
Vendor advisory: alma — https://bugzilla.redhat.com/2297473
Vendor advisory: alma — https://bugzilla.redhat.com/2297471
Vendor advisory: alma — https://bugzilla.redhat.com/2294313
Vendor advisory: alma — https://bugzilla.redhat.com/2293658
Vendor advisory: alma — https://bugzilla.redhat.com/2293441
Vendor advisory: alma — https://bugzilla.redhat.com/2293440
Vendor advisory: alma — https://bugzilla.redhat.com/2293423
Vendor advisory: alma — https://bugzilla.redhat.com/2293414
Vendor advisory: alma — https://bugzilla.redhat.com/2293408
Vendor advisory: alma — https://bugzilla.redhat.com/2293377
Vendor advisory: alma — https://bugzilla.redhat.com/2293304
Vendor advisory: alma — https://bugzilla.redhat.com/2293273
Vendor advisory: alma — https://bugzilla.redhat.com/2293270
Vendor advisory: alma — https://bugzilla.redhat.com/2293247
Vendor advisory: alma — https://bugzilla.redhat.com/2284634
Vendor advisory: alma — https://bugzilla.redhat.com/2284630
Vendor advisory: alma — https://bugzilla.redhat.com/2284628
Vendor advisory: alma — https://bugzilla.redhat.com/2284596
Vendor advisory: alma — https://bugzilla.redhat.com/2284545
Vendor advisory: alma — https://bugzilla.redhat.com/2284515
Vendor advisory: alma — https://bugzilla.redhat.com/2284511
Vendor advisory: alma — https://bugzilla.redhat.com/2284271
Vendor advisory: alma — https://bugzilla.redhat.com/2283424
Vendor advisory: alma — https://bugzilla.redhat.com/2283389
Vendor advisory: alma — https://bugzilla.redhat.com/2282918
Vendor advisory: alma — https://bugzilla.redhat.com/2282903
Vendor advisory: alma — https://bugzilla.redhat.com/2282890
Vendor advisory: alma — https://bugzilla.redhat.com/2282851
Vendor advisory: alma — https://bugzilla.redhat.com/2282764
Vendor advisory: alma — https://bugzilla.redhat.com/2282757
Vendor advisory: alma — https://bugzilla.redhat.com/2282676
Vendor advisory: alma — https://bugzilla.redhat.com/2282669
Vendor advisory: alma — https://bugzilla.redhat.com/2282648
Vendor advisory: alma — https://bugzilla.redhat.com/2282511
Vendor advisory: alma — https://bugzilla.redhat.com/2282508
Vendor advisory: alma — https://bugzilla.redhat.com/2282440
Vendor advisory: alma — https://bugzilla.redhat.com/2282422
Vendor advisory: alma — https://bugzilla.redhat.com/2282401
Vendor advisory: alma — https://bugzilla.redhat.com/2282366
Vendor advisory: alma — https://bugzilla.redhat.com/2282357
Vendor advisory: alma — https://bugzilla.redhat.com/2282356
Vendor advisory: alma — https://bugzilla.redhat.com/2282355
Vendor advisory: alma — https://bugzilla.redhat.com/2282354
Vendor advisory: alma — https://bugzilla.redhat.com/2282345
Vendor advisory: alma — https://bugzilla.redhat.com/2282324
Vendor advisory: alma — https://bugzilla.redhat.com/2281847
Vendor advisory: alma — https://bugzilla.redhat.com/2281807
Vendor advisory: alma — https://bugzilla.redhat.com/2281720
Vendor advisory: alma — https://bugzilla.redhat.com/2281704
Vendor advisory: alma — https://bugzilla.redhat.com/2281317
Vendor advisory: alma — https://bugzilla.redhat.com/2281217
Vendor advisory: alma — https://bugzilla.redhat.com/2278447
Vendor advisory: alma — https://bugzilla.redhat.com/2278270
Vendor advisory: alma — https://bugzilla.redhat.com/2278220
Vendor advisory: alma — https://bugzilla.redhat.com/2277171
Vendor advisory: alma — https://bugzilla.redhat.com/2275742
Vendor advisory: alma — https://bugzilla.redhat.com/2275690
Vendor advisory: alma — https://bugzilla.redhat.com/2275661
Vendor advisory: alma — https://bugzilla.redhat.com/2275558
Vendor advisory: alma — https://bugzilla.redhat.com/2273180
Vendor advisory: alma — https://bugzilla.redhat.com/2273148
Vendor advisory: alma — https://bugzilla.redhat.com/2273141
Vendor advisory: alma — https://bugzilla.redhat.com/2272793
Vendor advisory: alma — https://bugzilla.redhat.com/2271796
Vendor advisory: alma — https://bugzilla.redhat.com/2271648
Vendor advisory: alma — https://bugzilla.redhat.com/2270103
Vendor advisory: alma — https://bugzilla.redhat.com/2268295
Vendor advisory: alma — https://bugzilla.redhat.com/2267925
Vendor advisory: alma — https://bugzilla.redhat.com/2267916
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2267036
Vendor advisory: alma — https://bugzilla.redhat.com/2266750
Vendor advisory: alma — https://bugzilla.redhat.com/2266358
Vendor advisory: alma — https://bugzilla.redhat.com/2265838
Vendor advisory: alma — https://bugzilla.redhat.com/2265799
Vendor advisory: alma — https://bugzilla.redhat.com/2260038
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2258012
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:7000
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-42265
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-42265.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:7000
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/ed42e8ff509d2a61c6642d1825032072dab79f26
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/da72e783afd27d9f487836b2e6738146c0edd149
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/8aa37bde1a7b645816cda8b80df4753ecf172bf1
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/5db999fff545b924b24c9afd368ef5c17279b176
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/41a6c31df77bd8e050136b0a200b537da9e1084a
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/3f480493550b6a23d3a65d095d6569d4a7f56a0f
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1171ceccabfd596ca370c5d2cbb47d110c3f2fe1
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/08775b3d6ed117cf4518754ec7300ee42b6a5368
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:6966
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.106-1 |
| debian | bullseye | fixed | 5.10.226-1 |
| debian | forky | fixed | 6.10.4-1 |
| debian | sid | fixed | 6.10.4-1 |
| debian | trixie | fixed | 6.10.4-1 |
| linux-kernel | affected | 4.19.320 | |
| linux-kernel | 6.11 | affected | |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.22.1.el8_10.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2025:6966
- https://git.kernel.org/stable/c/08775b3d6ed117cf4518754ec7300ee42b6a5368
- https://git.kernel.org/stable/c/1171ceccabfd596ca370c5d2cbb47d110c3f2fe1
- https://git.kernel.org/stable/c/3f480493550b6a23d3a65d095d6569d4a7f56a0f
- https://git.kernel.org/stable/c/41a6c31df77bd8e050136b0a200b537da9e1084a
- https://git.kernel.org/stable/c/5db999fff545b924b24c9afd368ef5c17279b176
- https://git.kernel.org/stable/c/8aa37bde1a7b645816cda8b80df4753ecf172bf1
- https://git.kernel.org/stable/c/da72e783afd27d9f487836b2e6738146c0edd149
- https://git.kernel.org/stable/c/ed42e8ff509d2a61c6642d1825032072dab79f26
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://errata.rockylinux.org/RLSA-2024:7000
- https://www.suse.com/security/cve/CVE-2024-42265.html
- https://security-tracker.debian.org/tracker/CVE-2024-42265
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/2258012
- https://bugzilla.redhat.com/2258013
- https://bugzilla.redhat.com/2260038
- https://bugzilla.redhat.com/2265799
- https://bugzilla.redhat.com/2265838
- https://bugzilla.redhat.com/2266358
- https://bugzilla.redhat.com/2266750
- https://bugzilla.redhat.com/2267036
- https://bugzilla.redhat.com/2267041
Verify integrity in audit chain (admin only). AS-IS.