cvelistv5 - cve-2024-57896

cve-2024-57896

Vulnerability from cvelistv5

Published

2025-01-15 13:05

Modified

2025-02-11 15:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread - which was already destroyed before, resulting in a use-after-free on the task_struct. Syzbot reported this with the following stack traces: BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncated---

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486	Patch

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:40:57.951586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:19.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a2718ed1eb8c3611b63f8933c7e68c8821fe2808",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "63f4b594a688bf922e8691f0784679aa7af7988c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1ea629e7bb2fb40555e5e01a1b5095df31287017",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "35916b2f96505a18dc7242a115611b718d9de725",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d77a3a99b53d12c061c007cdc96df38825dee476",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f10bef73fb355e3fc85e63a50386798be68ff486",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\n\nDuring the unmount path, at close_ctree(), we first stop the cleaner\nkthread, using kthread_stop() which frees the associated task_struct, and\nthen stop and destroy all the work queues. However after we stopped the\ncleaner we may still have a worker from the delalloc_workers queue running\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\nwhich in turn tries to wake up the cleaner kthread - which was already\ndestroyed before, resulting in a use-after-free on the task_struct.\n\nSyzbot reported this with the following stack traces:\n\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n  Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\n\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  Workqueue: btrfs-delalloc btrfs_work_helper\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:94 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n   print_address_description mm/kasan/report.c:378 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:489\n   kasan_report+0x143/0x180 mm/kasan/report.c:602\n   __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n   try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\n   submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\n   run_ordered_work fs/btrfs/async-thread.c:288 [inline]\n   btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\n   process_one_work kernel/workqueue.c:3229 [inline]\n   process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n   kthread+0x2f0/0x390 kernel/kthread.c:389\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n   \u003c/TASK\u003e\n\n  Allocated by task 2:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n   kasan_slab_alloc include/linux/kasan.h:250 [inline]\n   slab_post_alloc_hook mm/slub.c:4104 [inline]\n   slab_alloc_node mm/slub.c:4153 [inline]\n   kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\n   alloc_task_struct_node kernel/fork.c:180 [inline]\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2225\n   kernel_clone+0x223/0x870 kernel/fork.c:2807\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2869\n   create_kthread kernel/kthread.c:412 [inline]\n   kthreadd+0x60d/0x810 kernel/kthread.c:767\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n  Freed by task 24:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n   poison_slab_object mm/kasan/common.c:247 [inline]\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n   kasan_slab_free include/linux/kasan.h:233 [inline]\n   slab_free_hook mm/slub.c:2338 [inline]\n   slab_free mm/slub.c:4598 [inline]\n   kmem_cache_free+0x195/0x410 mm/slub.c:4700\n   put_task_struct include/linux/sched/task.h:144 [inline]\n   delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\n   rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n   rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n   handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\n   run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\n  \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:29:06.443Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808"
        },
        {
          "url": "https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017"
        },
        {
          "url": "https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725"
        },
        {
          "url": "https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476"
        },
        {
          "url": "https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486"
        }
      ],
      "title": "btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57896",
    "datePublished": "2025-01-15T13:05:48.310Z",
    "dateReserved": "2025-01-11T14:45:42.029Z",
    "dateUpdated": "2025-02-11T15:45:19.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-57896\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-15T13:15:14.200\",\"lastModified\":\"2025-02-11T16:15:49.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\\n\\nDuring the unmount path, at close_ctree(), we first stop the cleaner\\nkthread, using kthread_stop() which frees the associated task_struct, and\\nthen stop and destroy all the work queues. However after we stopped the\\ncleaner we may still have a worker from the delalloc_workers queue running\\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\\nwhich in turn tries to wake up the cleaner kthread - which was already\\ndestroyed before, resulting in a use-after-free on the task_struct.\\n\\nSyzbot reported this with the following stack traces:\\n\\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\\n  Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\\n\\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\\n  Workqueue: btrfs-delalloc btrfs_work_helper\\n  Call Trace:\\n   \u003cTASK\u003e\\n   __dump_stack lib/dump_stack.c:94 [inline]\\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\\n   print_address_description mm/kasan/report.c:378 [inline]\\n   print_report+0x169/0x550 mm/kasan/report.c:489\\n   kasan_report+0x143/0x180 mm/kasan/report.c:602\\n   __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\\n   try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\\n   submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\\n   run_ordered_work fs/btrfs/async-thread.c:288 [inline]\\n   btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\\n   process_one_work kernel/workqueue.c:3229 [inline]\\n   process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\\n   kthread+0x2f0/0x390 kernel/kthread.c:389\\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n   \u003c/TASK\u003e\\n\\n  Allocated by task 2:\\n   kasan_save_stack mm/kasan/common.c:47 [inline]\\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\\n   kasan_slab_alloc include/linux/kasan.h:250 [inline]\\n   slab_post_alloc_hook mm/slub.c:4104 [inline]\\n   slab_alloc_node mm/slub.c:4153 [inline]\\n   kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\\n   alloc_task_struct_node kernel/fork.c:180 [inline]\\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2225\\n   kernel_clone+0x223/0x870 kernel/fork.c:2807\\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2869\\n   create_kthread kernel/kthread.c:412 [inline]\\n   kthreadd+0x60d/0x810 kernel/kthread.c:767\\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n\\n  Freed by task 24:\\n   kasan_save_stack mm/kasan/common.c:47 [inline]\\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\\n   poison_slab_object mm/kasan/common.c:247 [inline]\\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\\n   kasan_slab_free include/linux/kasan.h:233 [inline]\\n   slab_free_hook mm/slub.c:2338 [inline]\\n   slab_free mm/slub.c:4598 [inline]\\n   kmem_cache_free+0x195/0x410 mm/slub.c:4700\\n   put_task_struct include/linux/sched/task.h:144 [inline]\\n   delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\\n   rcu_do_batch kernel/rcu/tree.c:2567 [inline]\\n   rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\\n   handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\\n   run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\\n  \\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: vaciar la cola de trabajadores delalloc antes de detener el kthread del limpiador durante el desmontaje Durante la ruta de desmontaje, en close_ctree(), primero detenemos el kthread del limpiador, utilizando kthread_stop() que libera el task_struct asociado, y luego detenemos y destruimos todas las colas de trabajo. Sin embargo, despu\u00e9s de detener el limpiador, es posible que a\u00fan tengamos un trabajador de la cola delalloc_workers ejecutando inode.c:submit_compressed_extents(), que llama a btrfs_add_delayed_iput(), que a su vez intenta despertar el kthread del limpiador, que ya se destruy\u00f3 antes, lo que resulta en un uso despu\u00e9s de la liberaci\u00f3n en el task_struct. Syzbot inform\u00f3 esto con los siguientes seguimientos de pila: ERROR: KASAN: slab-use-after-free en __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880259d2818 por la tarea kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 No contaminado 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: btrfs-delalloc btrfs_work_helper Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave incluir/linux/spinlock_api_smp.h:110 [en l\u00ednea] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [en l\u00ednea] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [en l\u00ednea] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [en l\u00ednea] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 Asignado por la tarea 2: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [en l\u00ednea] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [en l\u00ednea] gancho de alloc de publicaci\u00f3n de losa mm/slub.c:4104 [en l\u00ednea] nodo de alloc de losa mm/slub.c:4153 [en l\u00ednea] nodo de alloc de cach\u00e9 kmem_noprof+0x1d9/0x380 mm/slub.c:4205 nodo de estructura de tareas de asignaci\u00f3n kernel/fork.c:180 [en l\u00ednea] estructura de tareas dup+0x57/0x8c0 kernel/fork.c:1113 proceso de copia+0x5d1/0x3d50 kernel/fork.c:2225 clon de kernel+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [en l\u00ednea] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Liberado por la tarea 24: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [en l\u00ednea] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [en l\u00ednea] gancho slab_free mm/slub.c:2338 [en l\u00ednea] slab_free mm/slub.c:4598 [en l\u00ednea] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [en l\u00ednea] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [en l\u00ednea] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.233\",\"matchCriteriaId\":\"B108BF34-DC4E-4111-9959-D325A6BD3B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.176\",\"matchCriteriaId\":\"DDBD8FC6-2357-4347-BFA1-B4A4A3039F35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.124\",\"matchCriteriaId\":\"1B69CE1B-5219-42EB-B7DD-7E7D7F1DB032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.70\",\"matchCriteriaId\":\"51E6CFF2-92AA-4936-95AB-2D068168A696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.9\",\"matchCriteriaId\":\"1D13AF97-FFED-4B68-906D-CFE38D0B88DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-57896\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T15:40:57.951586Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T15:40:59.294Z\"}}], \"cna\": {\"title\": \"btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"a2718ed1eb8c3611b63f8933c7e68c8821fe2808\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"63f4b594a688bf922e8691f0784679aa7af7988c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"1ea629e7bb2fb40555e5e01a1b5095df31287017\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"35916b2f96505a18dc7242a115611b718d9de725\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"d77a3a99b53d12c061c007cdc96df38825dee476\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"f10bef73fb355e3fc85e63a50386798be68ff486\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/btrfs/disk-io.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"5.10.233\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.176\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.124\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.70\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/btrfs/disk-io.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808\"}, {\"url\": \"https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c\"}, {\"url\": \"https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017\"}, {\"url\": \"https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725\"}, {\"url\": \"https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476\"}, {\"url\": \"https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\\n\\nDuring the unmount path, at close_ctree(), we first stop the cleaner\\nkthread, using kthread_stop() which frees the associated task_struct, and\\nthen stop and destroy all the work queues. However after we stopped the\\ncleaner we may still have a worker from the delalloc_workers queue running\\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\\nwhich in turn tries to wake up the cleaner kthread - which was already\\ndestroyed before, resulting in a use-after-free on the task_struct.\\n\\nSyzbot reported this with the following stack traces:\\n\\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\\n  Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\\n\\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\\n  Workqueue: btrfs-delalloc btrfs_work_helper\\n  Call Trace:\\n   \u003cTASK\u003e\\n   __dump_stack lib/dump_stack.c:94 [inline]\\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\\n   print_address_description mm/kasan/report.c:378 [inline]\\n   print_report+0x169/0x550 mm/kasan/report.c:489\\n   kasan_report+0x143/0x180 mm/kasan/report.c:602\\n   __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\\n   try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\\n   submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\\n   run_ordered_work fs/btrfs/async-thread.c:288 [inline]\\n   btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\\n   process_one_work kernel/workqueue.c:3229 [inline]\\n   process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\\n   kthread+0x2f0/0x390 kernel/kthread.c:389\\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n   \u003c/TASK\u003e\\n\\n  Allocated by task 2:\\n   kasan_save_stack mm/kasan/common.c:47 [inline]\\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\\n   kasan_slab_alloc include/linux/kasan.h:250 [inline]\\n   slab_post_alloc_hook mm/slub.c:4104 [inline]\\n   slab_alloc_node mm/slub.c:4153 [inline]\\n   kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\\n   alloc_task_struct_node kernel/fork.c:180 [inline]\\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2225\\n   kernel_clone+0x223/0x870 kernel/fork.c:2807\\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2869\\n   create_kthread kernel/kthread.c:412 [inline]\\n   kthreadd+0x60d/0x810 kernel/kthread.c:767\\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n\\n  Freed by task 24:\\n   kasan_save_stack mm/kasan/common.c:47 [inline]\\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\\n   poison_slab_object mm/kasan/common.c:247 [inline]\\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\\n   kasan_slab_free include/linux/kasan.h:233 [inline]\\n   slab_free_hook mm/slub.c:2338 [inline]\\n   slab_free mm/slub.c:4598 [inline]\\n   kmem_cache_free+0x195/0x410 mm/slub.c:4700\\n   put_task_struct include/linux/sched/task.h:144 [inline]\\n   delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\\n   rcu_do_batch kernel/rcu/tree.c:2567 [inline]\\n   rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\\n   handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\\n   run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\\n  \\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-01-20T06:29:06.443Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-57896\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-11T15:45:19.574Z\", \"dateReserved\": \"2025-01-11T14:45:42.029Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-01-15T13:05:48.310Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2024-57896

Vulnerability from fkie_nvd

Published

2025-01-15 13:15

Modified

2025-02-11 16:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.13
linux	linux_kernel	6.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B108BF34-DC4E-4111-9959-D325A6BD3B57",
              "versionEndExcluding": "5.10.233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDBD8FC6-2357-4347-BFA1-B4A4A3039F35",
              "versionEndExcluding": "5.15.176",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B69CE1B-5219-42EB-B7DD-7E7D7F1DB032",
              "versionEndExcluding": "6.1.124",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E6CFF2-92AA-4936-95AB-2D068168A696",
              "versionEndExcluding": "6.6.70",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D13AF97-FFED-4B68-906D-CFE38D0B88DD",
              "versionEndExcluding": "6.12.9",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\n\nDuring the unmount path, at close_ctree(), we first stop the cleaner\nkthread, using kthread_stop() which frees the associated task_struct, and\nthen stop and destroy all the work queues. However after we stopped the\ncleaner we may still have a worker from the delalloc_workers queue running\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\nwhich in turn tries to wake up the cleaner kthread - which was already\ndestroyed before, resulting in a use-after-free on the task_struct.\n\nSyzbot reported this with the following stack traces:\n\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n  Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\n\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  Workqueue: btrfs-delalloc btrfs_work_helper\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:94 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n   print_address_description mm/kasan/report.c:378 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:489\n   kasan_report+0x143/0x180 mm/kasan/report.c:602\n   __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n   try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\n   submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\n   run_ordered_work fs/btrfs/async-thread.c:288 [inline]\n   btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\n   process_one_work kernel/workqueue.c:3229 [inline]\n   process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n   kthread+0x2f0/0x390 kernel/kthread.c:389\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n   \u003c/TASK\u003e\n\n  Allocated by task 2:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n   kasan_slab_alloc include/linux/kasan.h:250 [inline]\n   slab_post_alloc_hook mm/slub.c:4104 [inline]\n   slab_alloc_node mm/slub.c:4153 [inline]\n   kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\n   alloc_task_struct_node kernel/fork.c:180 [inline]\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2225\n   kernel_clone+0x223/0x870 kernel/fork.c:2807\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2869\n   create_kthread kernel/kthread.c:412 [inline]\n   kthreadd+0x60d/0x810 kernel/kthread.c:767\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n  Freed by task 24:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n   poison_slab_object mm/kasan/common.c:247 [inline]\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n   kasan_slab_free include/linux/kasan.h:233 [inline]\n   slab_free_hook mm/slub.c:2338 [inline]\n   slab_free mm/slub.c:4598 [inline]\n   kmem_cache_free+0x195/0x410 mm/slub.c:4700\n   put_task_struct include/linux/sched/task.h:144 [inline]\n   delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\n   rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n   rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n   handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\n   run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\n  \n---truncated---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: vaciar la cola de trabajadores delalloc antes de detener el kthread del limpiador durante el desmontaje Durante la ruta de desmontaje, en close_ctree(), primero detenemos el kthread del limpiador, utilizando kthread_stop() que libera el task_struct asociado, y luego detenemos y destruimos todas las colas de trabajo. Sin embargo, despu\u00e9s de detener el limpiador, es posible que a\u00fan tengamos un trabajador de la cola delalloc_workers ejecutando inode.c:submit_compressed_extents(), que llama a btrfs_add_delayed_iput(), que a su vez intenta despertar el kthread del limpiador, que ya se destruy\u00f3 antes, lo que resulta en un uso despu\u00e9s de la liberaci\u00f3n en el task_struct. Syzbot inform\u00f3 esto con los siguientes seguimientos de pila: ERROR: KASAN: slab-use-after-free en __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880259d2818 por la tarea kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 No contaminado 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: btrfs-delalloc btrfs_work_helper Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave incluir/linux/spinlock_api_smp.h:110 [en l\u00ednea] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [en l\u00ednea] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [en l\u00ednea] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [en l\u00ednea] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 Asignado por la tarea 2: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [en l\u00ednea] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [en l\u00ednea] gancho de alloc de publicaci\u00f3n de losa mm/slub.c:4104 [en l\u00ednea] nodo de alloc de losa mm/slub.c:4153 [en l\u00ednea] nodo de alloc de cach\u00e9 kmem_noprof+0x1d9/0x380 mm/slub.c:4205 nodo de estructura de tareas de asignaci\u00f3n kernel/fork.c:180 [en l\u00ednea] estructura de tareas dup+0x57/0x8c0 kernel/fork.c:1113 proceso de copia+0x5d1/0x3d50 kernel/fork.c:2225 clon de kernel+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [en l\u00ednea] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Liberado por la tarea 24: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [en l\u00ednea] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [en l\u00ednea] gancho slab_free mm/slub.c:2338 [en l\u00ednea] slab_free mm/slub.c:4598 [en l\u00ednea] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [en l\u00ednea] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [en l\u00ednea] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncado---"
    }
  ],
  "id": "CVE-2024-57896",
  "lastModified": "2025-02-11T16:15:49.050",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-15T13:15:14.200",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ghsa-w28c-hqg3-44gm

Vulnerability from github

Published

2025-01-15 15:31

Modified

2025-01-21 18:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount

During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread - which was already destroyed before, resulting in a use-after-free on the task_struct.

Syzbot reported this with the following stack traces:

BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52

CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943

---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-57896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:14Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\n\nDuring the unmount path, at close_ctree(), we first stop the cleaner\nkthread, using kthread_stop() which frees the associated task_struct, and\nthen stop and destroy all the work queues. However after we stopped the\ncleaner we may still have a worker from the delalloc_workers queue running\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\nwhich in turn tries to wake up the cleaner kthread - which was already\ndestroyed before, resulting in a use-after-free on the task_struct.\n\nSyzbot reported this with the following stack traces:\n\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n  Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\n\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  Workqueue: btrfs-delalloc btrfs_work_helper\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:94 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n   print_address_description mm/kasan/report.c:378 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:489\n   kasan_report+0x143/0x180 mm/kasan/report.c:602\n   __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n   try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\n   submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\n   run_ordered_work fs/btrfs/async-thread.c:288 [inline]\n   btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\n   process_one_work kernel/workqueue.c:3229 [inline]\n   process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n   kthread+0x2f0/0x390 kernel/kthread.c:389\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n   \u003c/TASK\u003e\n\n  Allocated by task 2:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n   kasan_slab_alloc include/linux/kasan.h:250 [inline]\n   slab_post_alloc_hook mm/slub.c:4104 [inline]\n   slab_alloc_node mm/slub.c:4153 [inline]\n   kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\n   alloc_task_struct_node kernel/fork.c:180 [inline]\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2225\n   kernel_clone+0x223/0x870 kernel/fork.c:2807\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2869\n   create_kthread kernel/kthread.c:412 [inline]\n   kthreadd+0x60d/0x810 kernel/kthread.c:767\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n  Freed by task 24:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n   poison_slab_object mm/kasan/common.c:247 [inline]\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n   kasan_slab_free include/linux/kasan.h:233 [inline]\n   slab_free_hook mm/slub.c:2338 [inline]\n   slab_free mm/slub.c:4598 [inline]\n   kmem_cache_free+0x195/0x410 mm/slub.c:4700\n   put_task_struct include/linux/sched/task.h:144 [inline]\n   delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\n   rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n   rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n   handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\n   run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\n  \n---truncated---",
  "id": "GHSA-w28c-hqg3-44gm",
  "modified": "2025-01-21T18:31:05Z",
  "published": "2025-01-15T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2025-0105

Vulnerability from csaf_certbund

Published

2025-01-15 23:00

Modified

2025-01-15 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0105 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0105.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0105 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0105"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-36476",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011531-CVE-2024-36476-b2a1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-39282",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-39282-491b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-53681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-53681-e199@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-54031",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-54031-f640@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57795",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57795-e560@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57801",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57801-6479@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57802",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57802-c728@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57841",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57841-751f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57844",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57844-a3cd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57857",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57857-29db@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57882",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011507-CVE-2024-57882-8f05@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57883",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57883-b603@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57884",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57884-4cf8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57885",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57885-ea46@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57886",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57886-9059@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57887",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57887-db31@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57888",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57888-0b38@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57889",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57889-a2a5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57890",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57890-aaf3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57891",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57891-06ef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57892",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57892-6d53@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57893",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57893-b263@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57894",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57894-fbfe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57895",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57895-9034@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57896",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57896-af67@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57897",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57897-de29@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57898",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57898-bfde@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57899",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57899-0b1c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57900",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57900-72ad@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57901",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011516-CVE-2024-57901-1f9e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57902",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011516-CVE-2024-57902-7ddb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57903",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2024-57903-fd2a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-21629",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2025-21629-e230@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-21630",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2025-21630-7665@gregkh/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-16T11:43:17.808+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0105",
      "initial_release_date": "2025-01-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T040361",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36476",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-36476"
    },
    {
      "cve": "CVE-2024-39282",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-39282"
    },
    {
      "cve": "CVE-2024-53681",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-53681"
    },
    {
      "cve": "CVE-2024-54031",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-54031"
    },
    {
      "cve": "CVE-2024-57795",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57795"
    },
    {
      "cve": "CVE-2024-57801",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57801"
    },
    {
      "cve": "CVE-2024-57802",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57802"
    },
    {
      "cve": "CVE-2024-57841",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57841"
    },
    {
      "cve": "CVE-2024-57844",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57844"
    },
    {
      "cve": "CVE-2024-57857",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57857"
    },
    {
      "cve": "CVE-2024-57882",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57882"
    },
    {
      "cve": "CVE-2024-57883",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57883"
    },
    {
      "cve": "CVE-2024-57884",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57884"
    },
    {
      "cve": "CVE-2024-57885",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57885"
    },
    {
      "cve": "CVE-2024-57886",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57886"
    },
    {
      "cve": "CVE-2024-57887",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57887"
    },
    {
      "cve": "CVE-2024-57888",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57888"
    },
    {
      "cve": "CVE-2024-57889",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57889"
    },
    {
      "cve": "CVE-2024-57890",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57890"
    },
    {
      "cve": "CVE-2024-57891",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57891"
    },
    {
      "cve": "CVE-2024-57892",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57892"
    },
    {
      "cve": "CVE-2024-57893",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57893"
    },
    {
      "cve": "CVE-2024-57894",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57894"
    },
    {
      "cve": "CVE-2024-57895",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57895"
    },
    {
      "cve": "CVE-2024-57896",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57896"
    },
    {
      "cve": "CVE-2024-57897",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57897"
    },
    {
      "cve": "CVE-2024-57898",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57898"
    },
    {
      "cve": "CVE-2024-57899",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57899"
    },
    {
      "cve": "CVE-2024-57900",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57900"
    },
    {
      "cve": "CVE-2024-57901",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57901"
    },
    {
      "cve": "CVE-2024-57902",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57902"
    },
    {
      "cve": "CVE-2024-57903",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57903"
    },
    {
      "cve": "CVE-2025-21629",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-21629"
    },
    {
      "cve": "CVE-2025-21630",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-21630"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-57896

Vulnerability from cvelistv5

fkie_cve-2024-57896

Vulnerability from fkie_nvd

ghsa-w28c-hqg3-44gm

Vulnerability from github

wid-sec-w-2025-0105

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature