CVE-2024-47740: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47740 affects the Linux kernel's F2FS (Flash-Friendly File System) implementation. The vulnerability was discovered in the atomic write ioctls functionality, where the system checks for inodeowneror_capable() but fails to give Linux Security Modules (LSMs) like SELinux or Landlock an opportunity to deny write access when the caller's FSUID matches the inode's UID (Kernel Git).

The vulnerability exists in the F2FS ioctls for starting and committing atomic writes. The issue can be exploited in two ways: 1) Using F2FSIOCSTARTATOMICREPLACE + F2FSIOCCOMMITATOMICWRITE to truncate an inode to size 0, or 2) Using F2FSIOCSTARTATOMICWRITE + F2FSIOCABORTATOMICWRITE to revert changes another process concurrently made to a file. The vulnerability stems from the immediate return of true by inodeowneror_capable() when the caller's FSUID matches the inode's UID (Kernel Git).

The vulnerability allows processes to bypass LSM write access restrictions on files they own, potentially leading to unauthorized file modifications or data loss. This could affect security policies implemented through SELinux or Landlock, compromising system security controls (Kernel Git).

The vulnerability has been fixed by requiring FMODEWRITE for atomic write operations, similar to the existing requirement for F2FSIOCMOVERANGE. The fix has been implemented in various kernel versions and is available through distribution updates. Users should update their systems to the patched versions (Ubuntu Security).