CVE-2024-26685

nilfs2: fix potential bug in end_buffer_async_write

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential bug in end_buffer_async_write

According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.

This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.

The use of async_write for segment summary buffers has already been
removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrige un posible error en end_buffer_async_write Según un informe de syzbot, end_buffer_async_write(), que maneja la finalización de las escrituras del dispositivo de bloque, puede detectar una condición anormal del indicador async_write del búfer y causar un Error BUG_ON al usar nilfs2. Nilfs2 en sí no usa end_buffer_async_write(). Pero el indicador async_write ahora se usa como marcador en el commit 7f42ec394156 ("nilfs2: soluciona el problema con la condición de ejecución de competencia entre segmentos por bloques sucios") como un medio para resolver la inserción de lista doble de bloques sucios en nilfs_lookup_dirty_data_buffers() y nilfs_lookup_node_buffers( ) y el accidente resultante. Esta modificación es segura siempre que se utilice para datos de archivos y bloques de nodos de árbol b donde las cachés de páginas sean independientes. Sin embargo, era irrelevante y redundante introducir también async_write para el resumen de segmento y los bloques súper raíz que comparten buffers con el dispositivo de respaldo. Esto generó la posibilidad de que la verificación BUG_ON en end_buffer_async_write fallara como se describe anteriormente, si se produjeran reescrituras independientes del dispositivo de respaldo en paralelo. El uso de async_write para buffers de resumen de segmentos ya se eliminó en un cambio anterior. Solucione este problema eliminando la manipulación del indicador async_write para el búfer de bloque súper raíz restante.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (15)

URL	Tag	Source
https://git.kernel.org/stable/c/7f42ec3941560f0902fe3671e36f2c20ffd3af0a	Vuln. Introduced
https://git.kernel.org/stable/c/ccebcc74c81d8399c7b204aea47c1f33b09c2b17	Vuln. Introduced
https://git.kernel.org/stable/c/831c87640d23ccb253a02e4901bd9a325b5e8c2d	Vuln. Introduced
https://git.kernel.org/stable/c/d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5	Vuln. Introduced
https://git.kernel.org/stable/c/8f67918af09fc0ffd426a9b6f87697976d3fbc7b	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928	2024-02-23
https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd	2024-02-23
https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596	2024-02-23
https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8	2024-02-23
https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab	2024-02-23
https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803	2024-02-23
https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff	2024-02-23
https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b	2024-02-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.2.52 Search vendor "Linux" for product "Linux Kernel" and version "3.2.52"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.4.83 Search vendor "Linux" for product "Linux Kernel" and version "3.4.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.10.16 Search vendor "Linux" for product "Linux Kernel" and version "3.10.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.11.5 Search vendor "Linux" for product "Linux Kernel" and version "3.11.5"		en		Affected