Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-27058HistoryMay 01, 2024 - 1:15 p.m.
CVE-2024-27058
2024-05-0113:15:50
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
44
linux kernel
cve-2024-27058
race condition
tmpfs
dquot rbtree
In the Linux kernel, the following vulnerability has been resolved:
tmpfs: fix race on handling dquot rbtree
A syzkaller reproducer found a race while attempting to remove dquot
information from the rb tree.
Fetching the rb_tree root node must also be protected by the
dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()
will trigger a warning because it couldn’t find a node in the tree, when
the real reason was the root node changing before the search starts:
Thread 1 Thread 2
-
shmem_release_dquot() - shmem_{acquire,release}_dquot()
-
fetch ROOT - Fetch ROOT
- acquire dqio_sem -
wait dqio_sem
- do something, triger a tree rebalance - release dqio_sem -
acquire dqio_sem
-
start searching for the node, but
from the wrong location, missing
the node, and triggering a warning.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2024-27058
2024-05-01 13:15:50
ubuntucve
ubuntucve
CVE-2024-27058
2024-05-01 00:00:00
redhatcve
redhatcve
CVE-2024-27058
2024-05-01 20:24:23
cbl_mariner
cbl_mariner
cvelist
cvelist
CVE-2024-27058 tmpfs: fix race on handling dquot rbtree
2024-05-01 13:00:06