CVE-2024-26832
mm: zswap: fix missing folio cleanup in writeback race path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path
In zswap_writeback_entry(), after we get a folio from
__read_swap_cache_async(), we grab the tree lock again to check that the
swap entry was not invalidated and recycled. If it was, we delete the
folio we just added to the swap cache and exit.
However, __read_swap_cache_async() returns the folio locked when it is
newly allocated, which is always true for this path, and the folio is
ref'd. Make sure to unlock and put the folio before returning.
This was discovered by code inspection, probably because this path handles
a race condition that should not happen often, and the bug would not crash
the system, it will only strand the folio indefinitely.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm: zswap: corrige la limpieza de folio faltante en la ruta de carrera de escritura diferida En zswap_writeback_entry(), después de obtener un folio de __read_swap_cache_async(), tomamos el bloqueo del árbol nuevamente para verificar que el intercambio la entrada no fue invalidada y reciclada. Si así fuera, eliminamos la publicación que acabamos de agregar al caché de intercambio y salimos. Sin embargo, __read_swap_cache_async() devuelve la publicación bloqueada cuando se asigna recientemente, lo que siempre es cierto para esta ruta, y la publicación se ref. Asegúrate de desbloquear y colocar el folio antes de regresar. Esto se descubrió mediante la inspección del código, probablemente porque esta ruta maneja una condición de carrera que no debería ocurrir con frecuencia, y el error no bloquearía el sistema, solo bloqueará la publicación indefinidamente.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-17 CVE Published
- 2024-04-18 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/2cab13f500a6333bd2b853783ac76be9e4956f8a | Vuln. Introduced | |
| https://git.kernel.org/stable/c/04fc7816089c5a32c29a04ec94b998e219dfb946 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ba700ea13bf0105a4773c654f7d3bef8adb64ab2 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.30 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.30 < 6.1.80" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.7.7" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3.4 Search vendor "Linux" for product "Linux Kernel" and version "6.3.4" | en |
Affected
| ||||||