CVE-2024-53143

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fsnotify: Fix ordering of iput() and watched_objects decrement<br /> <br /> Ensure the superblock is kept alive until we&amp;#39;re done with iput().<br /> Holding a reference to an inode is not allowed unless we ensure the<br /> superblock stays alive, which fsnotify does by keeping the<br /> watched_objects count elevated, so iput() must happen before the<br /> watched_objects decrement.<br /> This can lead to a UAF of something like sb-&gt;s_fs_info in tmpfs, but the<br /> UAF is hard to hit because race orderings that oops are more likely, thanks<br /> to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().<br /> <br /> Also, ensure that fsnotify_put_sb_watched_objects() doesn&amp;#39;t call<br /> fsnotify_sb_watched_objects() on a superblock that may have already been<br /> freed, which would cause a UAF read of sb-&gt;s_fsnotify_info.