cve-2024-53112
Vulnerability from cvelistv5
Published
2024-12-02 13:44
Modified
2024-12-19 09:39
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: uncache inode which has failed entering the group
Syzbot has reported the following BUG:
kernel BUG at fs/ocfs2/uptodate.c:509!
...
Call Trace:
<TASK>
? __die_body+0x5f/0xb0
? die+0x9e/0xc0
? do_trap+0x15a/0x3a0
? ocfs2_set_new_buffer_uptodate+0x145/0x160
? do_error_trap+0x1dc/0x2c0
? ocfs2_set_new_buffer_uptodate+0x145/0x160
? __pfx_do_error_trap+0x10/0x10
? handle_invalid_op+0x34/0x40
? ocfs2_set_new_buffer_uptodate+0x145/0x160
? exc_invalid_op+0x38/0x50
? asm_exc_invalid_op+0x1a/0x20
? ocfs2_set_new_buffer_uptodate+0x2e/0x160
? ocfs2_set_new_buffer_uptodate+0x144/0x160
? ocfs2_set_new_buffer_uptodate+0x145/0x160
ocfs2_group_add+0x39f/0x15a0
? __pfx_ocfs2_group_add+0x10/0x10
? __pfx_lock_acquire+0x10/0x10
? mnt_get_write_access+0x68/0x2b0
? __pfx_lock_release+0x10/0x10
? rcu_read_lock_any_held+0xb7/0x160
? __pfx_rcu_read_lock_any_held+0x10/0x10
? smack_log+0x123/0x540
? mnt_get_write_access+0x68/0x2b0
? mnt_get_write_access+0x68/0x2b0
? mnt_get_write_access+0x226/0x2b0
ocfs2_ioctl+0x65e/0x7d0
? __pfx_ocfs2_ioctl+0x10/0x10
? smack_file_ioctl+0x29e/0x3a0
? __pfx_smack_file_ioctl+0x10/0x10
? lockdep_hardirqs_on_prepare+0x43d/0x780
? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
? __pfx_ocfs2_ioctl+0x10/0x10
__se_sys_ioctl+0xfb/0x170
do_syscall_64+0xf3/0x230
entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
</TASK>
When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular
inode in 'ocfs2_verify_group_and_input()', corresponding buffer head
remains cached and subsequent call to the same 'ioctl()' for the same
inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying
to cache the same buffer head of that inode). Fix this by uncaching
the buffer head with 'ocfs2_remove_from_cache()' on error path in
'ocfs2_group_add()'.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 Version: 7909f2bf835376a20d6dbf853eb459a27566eba2 |
||||||
|
|||||||||
{ containers: { cna: { affected: [ { defaultStatus: "unaffected", product: "Linux", programFiles: [ "fs/ocfs2/resize.c", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { lessThan: "ac0cfe8ac35cf1be54131b90d114087b558777ca", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "0e04746db2ec4aec04cef5763b9d9aa32829ae2f", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "620d22598110b0d0cb97a3fcca65fc473ea86e73", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "843dfc804af4b338ead42331dd58081b428ecdf8", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "b751c50e19d66cfb7360c0b55cf17b0722252d12", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, { lessThan: "737f34137844d6572ab7d473c998c7f977ff30eb", status: "affected", version: "7909f2bf835376a20d6dbf853eb459a27566eba2", versionType: "git", }, ], }, { defaultStatus: "affected", product: "Linux", programFiles: [ "fs/ocfs2/resize.c", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { status: "affected", version: "2.6.25", }, { lessThan: "2.6.25", status: "unaffected", version: "0", versionType: "semver", }, { lessThanOrEqual: "4.19.*", status: "unaffected", version: "4.19.325", versionType: "semver", }, { lessThanOrEqual: "5.4.*", status: "unaffected", version: "5.4.287", versionType: "semver", }, { lessThanOrEqual: "5.10.*", status: "unaffected", version: "5.10.231", versionType: "semver", }, { lessThanOrEqual: "5.15.*", status: "unaffected", version: "5.15.174", versionType: "semver", }, { lessThanOrEqual: "6.1.*", status: "unaffected", version: "6.1.119", versionType: "semver", }, { lessThanOrEqual: "6.6.*", status: "unaffected", version: "6.6.63", versionType: "semver", }, { lessThanOrEqual: "6.11.*", status: "unaffected", version: "6.11.10", versionType: "semver", }, { lessThanOrEqual: "*", status: "unaffected", version: "6.12", versionType: "original_commit_for_fix", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n <TASK>\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n </TASK>\n\nWhen 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular\ninode in 'ocfs2_verify_group_and_input()', corresponding buffer head\nremains cached and subsequent call to the same 'ioctl()' for the same\ninode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with 'ocfs2_remove_from_cache()' on error path in\n'ocfs2_group_add()'.", }, ], providerMetadata: { dateUpdated: "2024-12-19T09:39:28.398Z", orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", shortName: "Linux", }, references: [ { url: "https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca", }, { url: "https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4", }, { url: "https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6", }, { url: "https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f", }, { url: "https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73", }, { url: "https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8", }, { url: "https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12", }, { url: "https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb", }, ], title: "ocfs2: uncache inode which has failed entering the group", x_generator: { engine: "bippy-5f407fcff5a0", }, }, }, cveMetadata: { assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", assignerShortName: "Linux", cveId: "CVE-2024-53112", datePublished: "2024-12-02T13:44:44.387Z", dateReserved: "2024-11-19T17:17:24.993Z", dateUpdated: "2024-12-19T09:39:28.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-53112\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-02T14:15:11.997\",\"lastModified\":\"2024-12-14T21:15:35.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nocfs2: uncache inode which has failed entering the group\\n\\nSyzbot has reported the following BUG:\\n\\nkernel BUG at fs/ocfs2/uptodate.c:509!\\n...\\nCall Trace:\\n <TASK>\\n ? __die_body+0x5f/0xb0\\n ? die+0x9e/0xc0\\n ? do_trap+0x15a/0x3a0\\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\\n ? do_error_trap+0x1dc/0x2c0\\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\\n ? __pfx_do_error_trap+0x10/0x10\\n ? handle_invalid_op+0x34/0x40\\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\\n ? exc_invalid_op+0x38/0x50\\n ? asm_exc_invalid_op+0x1a/0x20\\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\\n ocfs2_group_add+0x39f/0x15a0\\n ? __pfx_ocfs2_group_add+0x10/0x10\\n ? __pfx_lock_acquire+0x10/0x10\\n ? mnt_get_write_access+0x68/0x2b0\\n ? __pfx_lock_release+0x10/0x10\\n ? rcu_read_lock_any_held+0xb7/0x160\\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\\n ? smack_log+0x123/0x540\\n ? mnt_get_write_access+0x68/0x2b0\\n ? mnt_get_write_access+0x68/0x2b0\\n ? mnt_get_write_access+0x226/0x2b0\\n ocfs2_ioctl+0x65e/0x7d0\\n ? __pfx_ocfs2_ioctl+0x10/0x10\\n ? smack_file_ioctl+0x29e/0x3a0\\n ? __pfx_smack_file_ioctl+0x10/0x10\\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\\n ? __pfx_ocfs2_ioctl+0x10/0x10\\n __se_sys_ioctl+0xfb/0x170\\n do_syscall_64+0xf3/0x230\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n...\\n </TASK>\\n\\nWhen 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular\\ninode in 'ocfs2_verify_group_and_input()', corresponding buffer head\\nremains cached and subsequent call to the same 'ioctl()' for the same\\ninode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying\\nto cache the same buffer head of that inode). Fix this by uncaching\\nthe buffer head with 'ocfs2_remove_from_cache()' on error path in\\n'ocfs2_group_add()'.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: anular la caché de un nodo que no ha podido entrar en el grupo Syzbot ha informado del siguiente ERROR: ERROR del kernel en fs/ocfs2/uptodate.c:509! ... Seguimiento de llamadas: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_ocfs2_ioctl+0x65e/0x7d0 ? __pfx_smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? bloqueo_dep_hardirqs_en_preparar+0x43d/0x780 ? lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... Cuando 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' ha fallado para el inodo particular en 'ocfs2_verify_group_and_input()', el cabezal de búfer correspondiente permanece en caché y la llamada posterior al mismo 'ioctl()' para el mismo inodo emite el BUG() en 'ocfs2_set_new_buffer_uptodate()' (intentando almacenar en caché el mismo cabezal de búfer de ese inodo). Solucione este problema quitando el caché del encabezado del búfer con 'ocfs2_remove_from_cache()' en la ruta de error en 'ocfs2_group_add()'.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.25\",\"versionEndExcluding\":\"4.19.325\",\"matchCriteriaId\":\"FEB31F82-F68B-4515-A54D-46D35F5CA5D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"6.1.119\",\"matchCriteriaId\":\"6B7FAECA-414B-4BFF-905E-5DC7092800A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.63\",\"matchCriteriaId\":\"8800BB45-48BC-4B52-BDA5-B1E4633F42E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.10\",\"matchCriteriaId\":\"C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF8CD82-1EAE-4254-9545-F85AB94CF90F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.