Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-46701
HistorySep 13, 2024 - 6:27 a.m.

CVE-2024-46701 libfs: fix infinite directory reads for offset dir

2024-09-1306:27:29
Linux
www.cve.org
5
linux kernel
libfs
infinite directory reads

EPSS

0

Percentile

9.6%

JSON

In the Linux kernel, the following vulnerability has been resolved:

libfs: fix infinite directory reads for offset dir

After we switch tmpfs dir operations from simple_dir_operations to
simple_offset_dir_operations, every rename happened will fill new dentry
to dest dir’s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free
key starting with octx->newx_offset, and then set newx_offset equals to
free key + 1. This will lead to infinite readdir combine with rename
happened at the same time, which fail generic/736 in xfstests(detail show
as below).

  1. create 5000 files(1 2 3…) under one dir
  2. call readdir(man 3 readdir) once, and get one entry
  3. rename(entry, “TEMPFILE”), then rename(“TEMPFILE”, entry)
  4. loop 2~3, until readdir return nothing or we loop too many
    times(tmpfs break test with the second condition)

We choose the same logic what commit 9b378f6ad48cf (“btrfs: fix infinite
directory reads”) to fix it, record the last_index when we open dir, and
do not emit the entry which index >= last_index. The file->private_data
now used in offset dir can use directly to do this, and we also update
the last_index when we llseek the dir file.

[brauner: only update last_index after seek when offset is zero like Jan suggested]

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/libfs.c"
    ],
    "versions": [
      {
        "version": "a2e459555c5f",
        "lessThan": "308b4fc2403b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a2e459555c5f",
        "lessThan": "64a7ce76fb90",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/libfs.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.7",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cve 1
osv 1
nvd 1
debiancve 1
cve
cve
CVE-2024-46701
2024-09-13 07:15:05
osv
osv
CVE-2024-46701
2024-09-13 07:15:05
nvd
nvd
CVE-2024-46701
2024-09-13 07:15:05
debiancve
debiancve
CVE-2024-46701
2024-09-13 07:15:05

EPSS

0

Percentile

9.6%

JSON
Related for CVELIST:CVE-2024-46701
cve1osv1nvd1debiancve1