CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double inode unlock for direct IO sync writes
If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
inode logging or we get an error starting a transaction or an error when
flushing delalloc, we end up unlocking the inode when we shouldn’t under
the ‘out_release_extents’ label, and then unlock it again at
btrfs_direct_write().
Fix that by checking if we have to skip inode unlocking under that label.
git.kernel.org/linus/e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115 (6.11-rc3)
git.kernel.org/stable/c/1a607d22dea4f60438747705495ec4d0af2ec451
git.kernel.org/stable/c/7ba27f14161fc20c4fc0051658a22ddd832eb0aa
git.kernel.org/stable/c/8bd4c9220416111500c275546c69c63d42185793
git.kernel.org/stable/c/d924a0be2f218501588cf463d70f1c71afea06d9
git.kernel.org/stable/c/e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115
launchpad.net/bugs/cve/CVE-2024-43885
nvd.nist.gov/vuln/detail/CVE-2024-43885
security-tracker.debian.org/tracker/CVE-2024-43885
www.cve.org/CVERecord?id=CVE-2024-43885