ASA-2019-00156 – Linux kernel: Object fsnotify_mark refcount leak in inotify_update_existing_watch()

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00156

Identifier(s)

ASA-2019-00156, CVE-2019-9857

Title

Object fsnotify_mark refcount leak in inotify_update_existing_watch()

Vendor(s)

Linux foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel versions before 5.1

Linux kernel versions 5.0.x before 5.0.9
Linux kernel versions 4.19.x before 4.19.36

Linux kernel versions since the following commit:

inotify: Add flag IN_MASK_CREATE for inotify_add_watch()
https://github.com/torvalds/linux/commit/4d97f7d53da7dc830dbf416a3d2a6778d267ae68

Fixed version(s)

Linux kernel version 5.1

Linux kernel version 5.0.9
Linux kernel version 4.19.36

Linux kernel versions with the following commit applied:

inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62c9d2674b31d4c8a674bee86b7edc6da2803aea

Proof of concept

Unknown

Description

In the Linux kernel since commit 4d97f7d53da7dc83 (“inotify: Add flag IN_MASK_CREATE for inotify_add_watch()”), the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).

Technical details

Linux foundation

Credits

ZhangXiaoxu

Reference(s)

inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62c9d2674b31d4c8a674bee86b7edc6da2803aea

inotify: Add flag IN_MASK_CREATE for inotify_add_watch()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d97f7d53da7dc830dbf416a3d2a6778d267ae68

inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch
https://github.com/torvalds/linux/commit/62c9d2674b31d4c8a674bee86b7edc6da2803aea

inotify: Add flag IN_MASK_CREATE for inotify_add_watch()
https://github.com/torvalds/linux/commit/4d97f7d53da7dc830dbf416a3d2a6778d267ae68

Linux 5.1
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1

Linux 5.0.9
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9

Linux 4.19.36
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.36

CVE-2019-9857 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-9857

CVE-2019-9857 | SUSE
https://www.suse.com/security/cve/CVE-2019-9857

CVE-2019-9857
https://security-tracker.debian.org/tracker/CVE-2019-9857

CVE-2019-9857 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9857.html

CVE-2019-9857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9857

CVE-2019-9857
https://nvd.nist.gov/vuln/detail/CVE-2019-9857

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: November 29, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.