CVE-2024-38570
gfs2: Fix potential glock use-after-free on unmount
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix potential glock use-after-free on unmount
When a DLM lockspace is released and there ares still locks in that
lockspace, DLM will unlock those locks automatically. Commit
fb6791d100d1b started exploiting this behavior to speed up filesystem
unmount: gfs2 would simply free glocks it didn't want to unlock and then
release the lockspace. This didn't take the bast callbacks for
asynchronous lock contention notifications into account, which remain
active until until a lock is unlocked or its lockspace is released.
To prevent those callbacks from accessing deallocated objects, put the
glocks that should not be unlocked on the sd_dead_glocks list, release
the lockspace, and only then free those glocks.
As an additional measure, ignore unexpected ast and bast callbacks if
the receiving glock is dead.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gfs2: soluciona el posible use-after-free de glock al desmontar Cuando se libera un espacio de bloqueo de DLM y todavía hay bloqueos en ese espacio de bloqueo, DLM desbloqueará esos bloqueos automáticamente. El commit fb6791d100d1b comenzó a explotar este comportamiento para acelerar el desmontaje del sistema de archivos: gfs2 simplemente liberaría las glocks que no quería desbloquear y luego liberaría el espacio de bloqueo. Esto no tuvo en cuenta las devoluciones de llamada de bast para notificaciones de contención de bloqueo asincrónicas, que permanecen activas hasta que se desbloquea un bloqueo o se libera su espacio de bloqueo. Para evitar que esas devoluciones de llamada accedan a objetos desasignados, coloque las glocks que no deben desbloquearse en la lista sd_dead_glocks, libere el espacio de bloqueo y solo entonces libere esas glocks. Como medida adicional, ignore las devoluciones de llamada inesperadas de ast y bast si la glock receptora está muerta.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-08-02 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-38570 | 2024-09-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2293423 | 2024-09-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.8.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.9.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.10" | en |
Affected
| ||||||