Lucene search

K
cvelistLinuxCVELIST:CVE-2024-26685
HistoryApr 03, 2024 - 2:54 p.m.

CVE-2024-26685 nilfs2: fix potential bug in end_buffer_async_write

2024-04-0314:54:47
Linux
www.cve.org
1
linux kernel
vulnerability
syzbot report
block device
nilfs2
race condition
dirty blocks
crash
segment summary
super root block
buffer
bug fix

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential bug in end_buffer_async_write

According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 (“nilfs2: fix issue
with race condition of competition between segments for dirty blocks”) as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.

This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.

The use of async_write for segment summary buffers has already been
removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nilfs2/segment.c"
    ],
    "versions": [
      {
        "version": "7f42ec394156",
        "lessThan": "c4a09fdac625",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "d31c8721e816",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "f3e4963566f5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "8fa90634ec3e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "6589f0f72f8e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "2c3bdba00283",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "626daab3811b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7f42ec394156",
        "lessThan": "5bc09b397cbf",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nilfs2/segment.c"
    ],
    "versions": [
      {
        "version": "3.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.307",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.269",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.210",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.149",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.79",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.18",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.6",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%