CVE-2024-26601

ext4: regenerate buddy after block freeing failed if under fc replay

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant
mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on
code in mb_free_blocks(), fast commit replay can end up marking as free
blocks that are already marked as such. This causes corruption of the
buddy bitmap so we need to regenerate it in that case.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: regenerar amigo después de que falló la liberación del bloque si se encuentra en reproducción fc. Esto revierte principalmente el commit 6bd97bf273bd ("ext4: eliminar mb_regenerate_buddy() redundante") y reintroduce mb_regenerate_buddy(). Según el código en mb_free_blocks(), la repetición de commit rápido puede terminar marcando como bloques libres que ya están marcados como tales. Esto causa corrupción en el mapa de bits del amigo, por lo que debemos regenerarlo en ese caso.

A flaw was found in the Linux kernel's ext4 filesystem related to the fast commit replay process. During this process, blocks that are already marked as free can be incorrectly marked as free again, leading to the corruption of the buddy bitmap, which is used to track free and allocated blocks. This corruption can result in filesystem inconsistencies and potential data loss. The issue is resolved by reintroducing the mb_regenerate_buddy() function, which regenerates the buddy bitmap to ensure its integrity.

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-02-24 CVE Published
2024-04-21 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-118: Incorrect Access of Indexable Resource ('Range Error')

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/0983142c5f17a62055ec851372273c3bc77e4788	Vuln. Introduced
https://git.kernel.org/stable/c/6bd97bf273bdb4944904e57480f6545bca48ad77	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a	2024-03-01
https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326	2024-03-01
https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4	2024-02-16
https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb	2024-02-16
https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581	2024-02-16
https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e	2024-01-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26601	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2265836	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.181 < 5.10.211 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.181 < 5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.1.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.6.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.7.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.8"		en		Affected