{"id":"CVE-2024-41075","summary":"cachefiles: add consistency check for copen/cread","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n  * Generic, copen can only complete open requests, and cread can only\n    complete read requests.\n  * For copen, ondemand_id must not be 0, because this indicates that the\n    request has not been read by the daemon.\n  * For cread, the object corresponding to fd and req should be the same.","modified":"2026-05-18T05:58:55.156055035Z","published":"2024-07-29T14:57:34.891Z","related":["SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41075.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41075.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41075"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9032b6e8589f269743984aac53e82e4835be16dc"},{"fixed":"3b744884c0431b5a62c92900e64bfd0ed61e8e2a"},{"fixed":"36d845ccd7bf527110a65fe953886a176c209539"},{"fixed":"8aaa6c5dd2940ab934d6cd296175f43dbb32b34a"},{"fixed":"a26dc49df37e996876f50a0210039b2d211fdd6f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41075.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.19.0"},{"fixed":"6.1.101"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.42"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.9.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41075.json"}}],"schema_version":"1.7.5"}