{"id":"CVE-2024-47740","summary":"f2fs: Require FMODE_WRITE for atomic write ioctls","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Require FMODE_WRITE for atomic write ioctls\n\nThe F2FS ioctls for starting and committing atomic writes check for\ninode_owner_or_capable(), but this does not give LSMs like SELinux or\nLandlock an opportunity to deny the write access - if the caller's FSUID\nmatches the inode's UID, inode_owner_or_capable() immediately returns true.\n\nThere are scenarios where LSMs want to deny a process the ability to write\nparticular files, even files that the FSUID of the process owns; but this\ncan currently partially be bypassed using atomic write ioctls in two ways:\n\n - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can\n   truncate an inode to size 0\n - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert\n   changes another process concurrently made to a file\n\nFix it by requiring FMODE_WRITE for these operations, just like for\nF2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these\nioctls when intending to write into the file, that seems unlikely to break\nanything.","modified":"2026-03-20T12:39:14.104230Z","published":"2024-10-21T12:14:09.171Z","related":["MGASA-2024-0344","MGASA-2024-0345","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47740.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/000bab8753ae29a259feb339b99ee759795a48ac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/32f348ecc149e9ca70a1c424ae8fa9b6919d2713"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731"},{"type":"WEB","url":"https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653"},{"type":"WEB","url":"https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f3bfac2cabf5333506b263bc0c8497c95302f32d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47740.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47740"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"88b88a66797159949cec32eaab12b4968f6fae2d"},{"fixed":"700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653"},{"fixed":"4ce87674c3a6b4d3b3d45f85b584ab8618a3cece"},{"fixed":"000bab8753ae29a259feb339b99ee759795a48ac"},{"fixed":"88ff021e1fea2d9b40b2d5efd9013c89f7be04ac"},{"fixed":"32f348ecc149e9ca70a1c424ae8fa9b6919d2713"},{"fixed":"5e0de753bfe87768ebe6744d869caa92f35e5731"},{"fixed":"f3bfac2cabf5333506b263bc0c8497c95302f32d"},{"fixed":"4583290898c13c2c2e5eb8773886d153c2c5121d"},{"fixed":"4f5a100f87f32cb65d4bb1ad282a08c92f6f591e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47740.json"}}],"schema_version":"1.7.5"}