CVE-2024-26685
nilfs2: fix potential bug in end_buffer_async_write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential bug in end_buffer_async_write
According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.
Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.
This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.
The use of async_write for segment summary buffers has already been
removed in a previous change.
Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrige un posible error en end_buffer_async_write Según un informe de syzbot, end_buffer_async_write(), que maneja la finalización de las escrituras del dispositivo de bloque, puede detectar una condición anormal del indicador async_write del búfer y causar un Error BUG_ON al usar nilfs2. Nilfs2 en sí no usa end_buffer_async_write(). Pero el indicador async_write ahora se usa como marcador en el commit 7f42ec394156 ("nilfs2: soluciona el problema con la condición de ejecución de competencia entre segmentos por bloques sucios") como un medio para resolver la inserción de lista doble de bloques sucios en nilfs_lookup_dirty_data_buffers() y nilfs_lookup_node_buffers( ) y el accidente resultante. Esta modificación es segura siempre que se utilice para datos de archivos y bloques de nodos de árbol b donde las cachés de páginas sean independientes. Sin embargo, era irrelevante y redundante introducir también async_write para el resumen de segmento y los bloques súper raíz que comparten buffers con el dispositivo de respaldo. Esto generó la posibilidad de que la verificación BUG_ON en end_buffer_async_write fallara como se describe anteriormente, si se produjeran reescrituras independientes del dispositivo de respaldo en paralelo. El uso de async_write para buffers de resumen de segmentos ya se eliminó en un cambio anterior. Solucione este problema eliminando la manipulación del indicador async_write para el búfer de bloque súper raíz restante.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-03 CVE Published
- 2024-04-04 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (15)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 4.19.307" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.4.269" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.10.210" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.15.149" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.1.79" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.6.18" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.7.6" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.12 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.8" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.2.52 Search vendor "Linux" for product "Linux Kernel" and version "3.2.52" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.4.83 Search vendor "Linux" for product "Linux Kernel" and version "3.4.83" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.10.16 Search vendor "Linux" for product "Linux Kernel" and version "3.10.16" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.5 Search vendor "Linux" for product "Linux Kernel" and version "3.11.5" | en |
Affected
|