CVE-2024-26848
afs: Fix endless loop in directory parsing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix endless loop in directory parsing
If a directory has a block with only ".__afsXXXX" files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context. This leads to
afs_dir_iterate() repeating the block again and again.
Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.
The symptoms are a soft lookup:
watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
...
RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
...
? watchdog_timer_fn+0x1a6/0x213
...
? asm_sysvec_apic_timer_interrupt+0x16/0x20
? afs_dir_iterate_block+0x39/0x1fd
afs_dir_iterate+0x10a/0x148
afs_readdir+0x30/0x4a
iterate_dir+0x93/0xd3
__do_sys_getdents64+0x6b/0xd4
This is almost certainly the actual fix for:
https://bugzilla.kernel.org/show_bug.cgi?id=218496
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: corrige el bucle sin fin en el análisis de directorios. Si un directorio tiene un bloque con solo archivos ".__afsXXXX" (de un cambio de nombre incompleto), estos archivos .__afsXXXX se omiten, pero sin avanzar la posición del archivo en dir_context. Esto lleva a que afs_dir_iterate() repita el bloque una y otra vez. Solucione este problema haciendo que el código que omite el archivo .__afsXXXX también avance manualmente la posición del archivo. Los síntomas son una búsqueda suave: perro guardián: ERROR: bloqueo suave - ¡CPU n.° 3 bloqueada durante 52 segundos! [verificación: 5737]... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd...? watchdog_timer_fn+0x1a6/0x213...? asm_sysvec_apic_timer_interrupt+0x16/0x20? AFS_DIR_ITERATE_BLOCK+0x39/0x1fd AFS_DIR_ITERATE+0x10a/0x148 AFS_READDIR+0X30/0X4A ITERE_DIR+0X93/0XD3 __DO_SYS_GETDENTS64+0x6b/0xd4 Esto es casi seguro que es casi seguro el fianza real: bug.cgi? id = 218496
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-17 CVE Published
- 2024-04-18 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (22)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.269 < 5.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.269 < 5.4.271" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.269 < 5.4.273 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.269 < 5.4.273" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.210 < 5.10.212 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.210 < 5.10.212" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.210 < 5.10.214 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.210 < 5.10.214" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.149 < 5.15.151 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.149 < 5.15.151" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.149 < 5.15.153 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.149 < 5.15.153" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.76 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.76 < 6.1.81" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.76 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.76 < 6.1.83" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.15 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.15 < 6.6.21" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.15 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.15 < 6.6.23" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7.3 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7.3 < 6.7.9" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7.3 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7.3 < 6.7.11" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.8.2" | en |
Affected
|