CVE-2024-26848

afs: Fix endless loop in directory parsing

  • Severity Score (CVSS): -
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): Track

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only ".__afsXXXX" files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context. This leads to
afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.

The symptoms are a soft lockup:

watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
...
RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
...
? watchdog_timer_fn+0x1a6/0x213
...
? asm_sysvec_apic_timer_interrupt+0x16/0x20
? afs_dir_iterate_block+0x39/0x1fd
afs_dir_iterate+0x10a/0x148
afs_readdir+0x30/0x4a
iterate_dir+0x93/0xd3
__do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

https://bugzilla.kernel.org/show_bug.cgi?id=218496
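
The loop failure described above, as a simplified userspace model added here (not the kernel's code or the patch). The names `iterate_block` and `iterate_dir`, the 4-slot block size and the sample directory are assumptions made for illustration, and a pass limit stands in for the watchdog so the unfixed variant returns instead of spinning.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS_PER_BLOCK 4     /* constructed geometry, not the real AFS layout */
#define MAX_PASSES      1000  /* stands in for the watchdog */
struct dir_ctx { size_t pos, emitted; };

/* Leftover of an uncompleted silly-rename: ".__afs" plus at least one char. */
static int is_silly(const char *n) { return strncmp(n, ".__afs", 6) == 0 && n[6]; }

/* Walk one block from ctx->pos; fixed != 0 selects the patched behaviour. */
static void iterate_block(const char *const *dir, size_t blkoff,
                          struct dir_ctx *ctx, int fixed)
{
    for (size_t slot = ctx->pos - blkoff; slot < SLOTS_PER_BLOCK; slot++) {
        if (is_silly(dir[blkoff + slot])) {
            if (fixed)
                ctx->pos = blkoff + slot + 1;  /* skip and advance */
            continue;                          /* unfixed: pos left behind */
        }
        ctx->emitted++;                        /* entry handed to the caller */
        ctx->pos = blkoff + slot + 1;
    }
}

/* Block passes used, or -1 when pos stopped advancing (nslots: multiple of 4). */
static int iterate_dir(const char *const *dir, size_t nslots, int fixed, size_t *emitted)
{
    struct dir_ctx ctx = { 0, 0 };
    int passes = 0;
    while (ctx.pos < nslots) {
        if (++passes > MAX_PASSES)
            return -1;
        iterate_block(dir, ctx.pos / SLOTS_PER_BLOCK * SLOTS_PER_BLOCK, &ctx, fixed);
    }
    *emitted = ctx.emitted;
    return passes;
}

/* Constructed directory: block 0 is mixed, block 1 holds only silly names. */
static const char *const sample_dir[] = {
    "a.txt", "b.txt", ".__afs0001", "c.txt",
    ".__afs0002", ".__afs0003", ".__afs0004", ".__afs0005" };

int main(void)
{
    size_t n = 0;
    int bad = iterate_dir(sample_dir, 8, 0, &n), ok = iterate_dir(sample_dir, 8, 1, &n);
    printf("unfixed=%d fixed=%d emitted=%zu\n", bad, ok, n);
    return 0;
}
```

In the model, the silly entry in block 0 is harmless because the regular entry after it moves the position on; only the block with nothing but silly entries stalls the unfixed variant.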


*Credits: N/A
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-04-17 CVE Published
  • 2024-04-18 EPSS Updated
  • 2024-09-11 CVE Updated
References (22)
Affected Vendors, Products, and Versions

Vendor  Product       Version                  Other  Status
Linux   Linux Kernel  >= 5.4.269 < 5.4.271     en     Affected
Linux   Linux Kernel  >= 5.4.269 < 5.4.273     en     Affected
Linux   Linux Kernel  >= 5.10.210 < 5.10.212   en     Affected
Linux   Linux Kernel  >= 5.10.210 < 5.10.214   en     Affected
Linux   Linux Kernel  >= 5.15.149 < 5.15.151   en     Affected
Linux   Linux Kernel  >= 5.15.149 < 5.15.153   en     Affected
Linux   Linux Kernel  >= 6.1.76 < 6.1.81       en     Affected
Linux   Linux Kernel  >= 6.1.76 < 6.1.83       en     Affected
Linux   Linux Kernel  >= 6.6.15 < 6.6.21       en     Affected
Linux   Linux Kernel  >= 6.6.15 < 6.6.23       en     Affected
Linux   Linux Kernel  >= 6.7.3 < 6.7.9         en     Affected
Linux   Linux Kernel  >= 6.7.3 < 6.7.11        en     Affected
Linux   Linux Kernel  >= 6.8 < 6.8.2           en     Affected