Lucene search
LinuxCVE-2024-40972HistoryJul 12, 2024 - 1:15 p.m.
CVE-2024-40972
2024-07-1213:15:18
Linux
web.nvd.nist.gov
32
linux kernel
ext4
security vulnerability
In the Linux kernel, the following vulnerability has been resolved:
ext4: do not create EA inode under buffer lock
ext4_xattr_set_entry() creates new EA inodes while holding buffer lock
on the external xattr block. This is problematic as it nests all the
allocation locking (which acquires locks on other buffers) under the
buffer lock. This can even deadlock when the filesystem is corrupted and
e.g. quota file is setup to contain xattr block as data block. Move the
allocation of EA inode out of ext4_xattr_set_entry() into the callers.
Affected configurations
Node
linuxlinux_kernelRange6.1.0–6.1.107
ORlinuxlinux_kernelRange6.2.0–6.6.47
ORlinuxlinux_kernelRange6.7.0–6.9.7
ORlinuxlinux_kernelRange6.10.0≥
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/ext4/xattr.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "0752e7fb549d",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "737fb7853acd",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "111103907234",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "0a46ef234756",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/ext4/xattr.c"
],
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.7",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
nvd
nvd
CVE-2024-40972
2024-07-12 13:15:18
debiancve
debiancve
CVE-2024-40972
2024-07-12 13:15:18
vulnrichment
vulnrichment
CVE-2024-40972 ext4: do not create EA inode under buffer lock
2024-07-12 12:32:10
redhatcve
redhatcve
CVE-2024-40972
2024-07-16 17:26:34
osv
osv
CVE-2024-40972
2024-07-12 13:15:00
linux-nvidia-6.8 vulnerabilities
2024-09-13 11:22:12
linux-azure vulnerabilities
2024-09-12 13:23:45
cvelist
cvelist
CVE-2024-40972 ext4: do not create EA inode under buffer lock
2024-07-12 12:32:10
ubuntucve
ubuntucve
CVE-2024-40972
2024-07-12 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2802-1)
2024-08-08 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-1)
2024-09-11 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)
2024-09-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-7004-1)
2024-09-13 00:00:00
Ubuntu: Security Advisory (USN-7005-1)
2024-09-13 00:00:00
Ubuntu: Security Advisory (USN-7005-2)
2024-09-16 00:00:00