Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ib_get_ucaps() Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same dev_t it can masquerade as a ucap cdev fd. Test the f_ops to only accept authentic cdevs.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Linux / Linux61e51682816d395307f78ae06d640089054c28ab – 96b6e98ff12d50ed5817230c6f1188e1150d225d
- Linux / Linux61e51682816d395307f78ae06d640089054c28ab – aa181287ebdcc53ee0ba5c2f8243e2d541ebc19b
- Linux / Linux61e51682816d395307f78ae06d640089054c28ab – 4a1b1ac2744694a2ecd66a84bdb1445f4ef24bee
- Linux / Linux6.15 – 6.15
- Linux / Linux0 – 6.15
- Linux / Linux6.18.36 – 6.18.*
- Linux / Linux7.0.13 – 7.0.*
- Linux / Linux7.1 – *