// For flags

CVE-2024-26685

nilfs2: fix potential bug in end_buffer_async_write

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential bug in end_buffer_async_write

According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.

This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.

The use of async_write for segment summary buffers has already been
removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrige un posible error en end_buffer_async_write Según un informe de syzbot, end_buffer_async_write(), que maneja la finalización de las escrituras del dispositivo de bloque, puede detectar una condición anormal del indicador async_write del búfer y causar un Error BUG_ON al usar nilfs2. Nilfs2 en sí no usa end_buffer_async_write(). Pero el indicador async_write ahora se usa como marcador en el commit 7f42ec394156 ("nilfs2: soluciona el problema con la condición de ejecución de competencia entre segmentos por bloques sucios") como un medio para resolver la inserción de lista doble de bloques sucios en nilfs_lookup_dirty_data_buffers() y nilfs_lookup_node_buffers( ) y el accidente resultante. Esta modificación es segura siempre que se utilice para datos de archivos y bloques de nodos de árbol b donde las cachés de páginas sean independientes. Sin embargo, era irrelevante y redundante introducir también async_write para el resumen de segmento y los bloques súper raíz que comparten buffers con el dispositivo de respaldo. Esto generó la posibilidad de que la verificación BUG_ON en end_buffer_async_write fallara como se describe anteriormente, si se produjeran reescrituras independientes del dispositivo de respaldo en paralelo. El uso de async_write para buffers de resumen de segmentos ya se eliminó en un cambio anterior. Solucione este problema eliminando la manipulación del indicador async_write para el búfer de bloque súper raíz restante.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-04-03 CVE Published
  • 2024-04-04 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 4.19.307
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 4.19.307"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 5.4.269
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.4.269"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 5.10.210
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.10.210"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 5.15.149
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.15.149"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 6.1.79
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.1.79"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 6.6.18
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.6.18"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 6.7.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.7.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 6.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.8"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
3.2.52
Search vendor "Linux" for product "Linux Kernel" and version "3.2.52"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
3.4.83
Search vendor "Linux" for product "Linux Kernel" and version "3.4.83"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
3.10.16
Search vendor "Linux" for product "Linux Kernel" and version "3.10.16"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
3.11.5
Search vendor "Linux" for product "Linux Kernel" and version "3.11.5"
en
Affected