CVE-2023-54119
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
24/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
inotify: Avoid reporting event with invalid wd<br />
<br />
When inotify_freeing_mark() races with inotify_handle_inode_event() it<br />
can happen that inotify_handle_inode_event() sees that i_mark->wd got<br />
already reset to -1 and reports this value to userspace which can<br />
confuse the inotify listener. Avoid the problem by validating that wd is<br />
sensible (and pretend the mark got removed before the event got<br />
generated otherwise).
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/145f54ea336b06cf4f92eeee996f2ffca939ea43
- https://git.kernel.org/stable/c/17ad86d8c12220de97e80d88b5b4c934a40e1812
- https://git.kernel.org/stable/c/2d65c97777e5b4a845637800d5d7b648f5772106
- https://git.kernel.org/stable/c/8fb33166aed888769ea63d6af49515893f8a1f14
- https://git.kernel.org/stable/c/a48bacee05860c6089c3482bcdc80720b0ee5732
- https://git.kernel.org/stable/c/c915d8f5918bea7c3962b09b8884ca128bfd9b0c
- https://git.kernel.org/stable/c/fb3294998489d39835006240e9c6e6b2ac62022e