Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-40972
HistoryJul 12, 2024 - 12:32 p.m.

CVE-2024-40972 ext4: do not create EA inode under buffer lock

2024-07-1212:32:10
Linux
www.cve.org
6
linux kernel
ext4
vulnerability fix
buffer lock

EPSS

0

Percentile

16.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not create EA inode under buffer lock

ext4_xattr_set_entry() creates new EA inodes while holding buffer lock
on the external xattr block. This is problematic as it nests all the
allocation locking (which acquires locks on other buffers) under the
buffer lock. This can even deadlock when the filesystem is corrupted and
e.g. quota file is setup to contain xattr block as data block. Move the
allocation of EA inode out of ext4_xattr_set_entry() into the callers.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ext4/xattr.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "0752e7fb549d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "737fb7853acd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "111103907234",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "0a46ef234756",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ext4/xattr.c"
    ],
    "versions": [
      {
        "version": "6.1.107",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.47",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.7",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

vulnrichment 1
cve 1
redhatcve 1
nvd 1
debiancve 1
osv 6
ubuntucve 1
nessus 11
openvas 6
vulnrichment
vulnrichment
CVE-2024-40972 ext4: do not create EA inode under buffer lock
2024-07-12 12:32:10
cve
cve
CVE-2024-40972
2024-07-12 13:15:18
redhatcve
redhatcve
CVE-2024-40972
2024-07-16 17:26:34
nvd
nvd
CVE-2024-40972
2024-07-12 13:15:18
debiancve
debiancve
CVE-2024-40972
2024-07-12 13:15:18
osv
osv
CVE-2024-40972
2024-07-12 13:15:00
linux-nvidia, linux-nvidia-lowlatency vulnerabilities
2024-09-12 13:47:54
linux-nvidia-6.8 vulnerabilities
2024-09-13 11:22:12
ubuntucve
ubuntucve
CVE-2024-40972
2024-07-12 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2802-1)
2024-08-08 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)
2024-09-13 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-1)
2024-09-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-7005-2)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7005-1)
2024-09-13 00:00:00
Ubuntu: Security Advisory (USN-7004-1)
2024-09-13 00:00:00

EPSS

0

Percentile

16.4%

JSON
Related for CVELIST:CVE-2024-40972
vulnrichment1cve1redhatcve1nvd1debiancve1osv6ubuntucve1nessus11openvas6