fkie_cve-2024-47726
Vulnerability from fkie_nvd
Published
2024-10-21 13:15
Modified
2025-03-13 13:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04
Impacted products
Vendor Product Version
linux linux_kernel *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2235E7DC-717F-4BE0-AC47-34A75D29E6BD",
                     versionEndExcluding: "6.11.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait dio completion\n\nIt should wait all existing dio write IOs before block removal,\notherwise, previous direct write IO may overwrite data in the\nblock which may be reused by other inode.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para esperar la finalización de dio Se debe esperar todas las E/S de escritura de dio existentes antes de eliminar el bloque; de lo contrario, las E/S de escritura directa anteriores pueden sobrescribir los datos en el bloque que pueden ser reutilizados por otro inodo.",
      },
   ],
   id: "CVE-2024-47726",
   lastModified: "2025-03-13T13:15:41.447",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-10-21T13:15:02.767",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164e",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.