CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-43891: tracing: Have format file honor EVENT_FILE_FL_FREED

4.7 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Have format file honor EVENT_FILE_FL_FREED

When eventfs was introduced, special care had to be done to coordinate the
freeing of the file meta data with the files that are exposed to user
space. The file meta data would have a ref count that is set when the file
is created and would be decremented and freed after the last user that
opened the file closed it. When the file meta data was to be freed, it
would set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,
and any new references made (like new opens or reads) would fail as it is
marked freed. This allowed other meta data to be freed after this flag was
set (under the event_mutex).

All the files that were dynamically created in the events directory had a
pointer to the file meta data and would call event_release() when the last
reference to the user space file was closed. This would be the time that it
is safe to free the file meta data.

A shortcut was made for the "format" file. It's i_private would point to
the "call" entry directly and not point to the file's meta data. This is
because all format files are the same for the same "call", so it was
thought there was no reason to differentiate them. The other files
maintain state (like the "enable", "trigger", etc). But this meant if the
file were to disappear, the "format" file would be unaware of it.

This caused a race that could be trigger via the user_events test (that
wou...

Classification

CVE ID: CVE-2024-43891

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.7

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.84% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43891
https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c
https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9
https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d

Timeline

2025-05-04 10:40:17 UTC
CVE

tracing: Have format file honor EVENT_FILE_FL_FREED