Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-43885
HistoryAug 26, 2024 - 10:10 a.m.

CVE-2024-43885 btrfs: fix double inode unlock for direct IO sync writes

2024-08-2610:10:36
Linux
www.cve.org
2
linux kernel
vulnerability
btrfs
direct io
sync writes
inode unlock
fix

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double inode unlock for direct IO sync writes

If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
inode logging or we get an error starting a transaction or an error when
flushing delalloc, we end up unlocking the inode when we shouldn’t under
the ‘out_release_extents’ label, and then unlock it again at
btrfs_direct_write().

Fix that by checking if we have to skip inode unlocking under that label.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/btrfs/file.c"
    ],
    "versions": [
      {
        "version": "4e17707035a6",
        "lessThan": "1a607d22dea4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6cae8d04d8b3",
        "lessThan": "8bd4c9220416",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0a108bde616a",
        "lessThan": "7ba27f14161f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3831170f7406",
        "lessThan": "d924a0be2f21",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "939b656bc8ab",
        "lessThan": "e0391e92f9ab",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/btrfs/file.c"
    ],
    "versions": [
      {
        "version": "6.11-rc2",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.11-rc2",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11-rc3",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
osv 3
debiancve 1
vulnrichment 1
ubuntucve 1
nvd 1
cve 1
nessus 2
redhatcve
redhatcve
CVE-2024-43885
2024-08-27 10:40:02
osv
osv
CVE-2024-43885
2024-08-26 11:15:03
Security update for the Linux Kernel
2024-09-10 14:10:24
Security update for the Linux Kernel
2024-09-10 09:06:25
debiancve
debiancve
CVE-2024-43885
2024-08-26 11:15:03
vulnrichment
vulnrichment
CVE-2024-43885 btrfs: fix double inode unlock for direct IO sync writes
2024-08-26 10:10:36
ubuntucve
ubuntucve
CVE-2024-43885
2024-08-26 00:00:00
nvd
nvd
CVE-2024-43885
2024-08-26 11:15:03
cve
cve
CVE-2024-43885
2024-08-26 11:15:03
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00

EPSS

0

Percentile

5.0%

JSON
Related for CVELIST:CVE-2024-43885
redhatcve1osv3debiancve1vulnrichment1ubuntucve1nvd1cve1nessus2