CVE-2024-47740

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: Require FMODE_WRITE for atomic write ioctls

The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true.

There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways:

- F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0
- F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file

Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything.
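The check pattern the fix describes, as an added userspace model that is not the kernel's or f2fs's code: the `struct inode`, `struct file`, `do_open()` and `lsm_write_denied` field are constructed stand-ins for the real VFS and LSM hooks, and `inode_owner_or_capable()` is reduced to a UID comparison. The point it shows is why an ownership check alone is insufficient: an LSM policy enforced at open() time can only stop a writable open, so a process that owns the file can still hold a read-only descriptor, and an ioctl that checks ownership but not `FMODE_WRITE` proceeds on that descriptor. Gating on `FMODE_WRITE` first, as the advisory says F2FS_IOC_MOVE_RANGE already does, makes the ioctl honour the decision the LSM made at open time.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the check described in CVE-2024-47740; not kernel code.
 * FMODE_* values are chosen for this example only. */
#define FMODE_READ  0x1u
#define FMODE_WRITE 0x2u

typedef unsigned int uid_t;

struct inode {
    uid_t i_uid;
    bool lsm_write_denied;  /* stand-in: an LSM policy forbids writing this inode */
};

struct file {
    struct inode *f_inode;
    unsigned int f_mode;    /* FMODE_* bits granted at open() time */
};

/* Stand-in for inode_owner_or_capable(): caller's FSUID matches the owner
 * (the CAP_FOWNER branch is left out of this model). */
static bool inode_owner_or_capable(uid_t fsuid, const struct inode *inode)
{
    return fsuid == inode->i_uid;
}

/* Stand-in for the LSM's open-time check: a writable open of a denied inode
 * fails, so the process can at most obtain a read-only descriptor. */
static int do_open(struct inode *inode, unsigned int want_mode, struct file *out)
{
    if ((want_mode & FMODE_WRITE) && inode->lsm_write_denied)
        return -EACCES;
    out->f_inode = inode;
    out->f_mode = want_mode;
    return 0;
}

/* Vulnerable shape: ownership check only, as the advisory describes. */
static int start_atomic_write_before(uid_t fsuid, const struct file *filp)
{
    if (!inode_owner_or_capable(fsuid, filp->f_inode))
        return -EACCES;
    return 0;   /* atomic write would start here */
}

/* Fixed shape: require a writable descriptor before anything else. */
static int start_atomic_write_after(uid_t fsuid, const struct file *filp)
{
    if (!(filp->f_mode & FMODE_WRITE))
        return -EBADF;
    if (!inode_owner_or_capable(fsuid, filp->f_inode))
        return -EACCES;
    return 0;
}

/* Scenario from the advisory: the owner of a file that an LSM has marked
 * non-writable opens it read-only and issues the atomic-write ioctl. */
int owner_readonly_fd_result(bool fixed)
{
    struct inode ino = { .i_uid = 1000, .lsm_write_denied = true };
    struct file filp;
    uid_t fsuid = 1000;

    if (do_open(&ino, FMODE_WRITE, &filp) == 0)
        return -1;  /* model error: the LSM should have refused the writable open */
    if (do_open(&ino, FMODE_READ, &filp) != 0)
        return -2;  /* model error: a read-only open is permitted */
    return fixed ? start_atomic_write_after(fsuid, &filp)
                 : start_atomic_write_before(fsuid, &filp);
}

/* Legitimate caller: owner, no LSM denial, writable descriptor; must still work. */
int owner_writable_fd_result(void)
{
    struct inode ino = { .i_uid = 1000, .lsm_write_denied = false };
    struct file filp;

    if (do_open(&ino, FMODE_READ | FMODE_WRITE, &filp) != 0)
        return -1;
    return start_atomic_write_after(1000, &filp);
}

int main(void)
{
    printf("before fix, read-only fd: %d (0 = ioctl proceeds)\n", owner_readonly_fd_result(false));
    printf("after fix,  read-only fd: %d (-EBADF is %d)\n", owner_readonly_fd_result(true), -EBADF);
    printf("after fix,  writable fd:  %d (0 = still allowed)\n", owner_writable_fd_result());
    return 0;
}
```

The model returns -EBADF for the non-writable descriptor, which is the error the real F2FS_IOC_MOVE_RANGE path uses for the same condition; whether the kernel patch uses that exact value is not stated on this page.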

Vulnerable products and versions

CPE                                           From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  3.18 (including)   4.19.323 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  4.20 (including)   5.4.285 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.5 (including)    5.10.227 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.11 (including)   5.15.168 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.16 (including)   6.1.113 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.2 (including)    6.6.54 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.7 (including)    6.10.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.11 (including)   6.11.2 (excluding)