fkie_cve-2024-56744
Vulnerability from fkie_nvd
Published
2024-12-29 12:15
Modified
2025-04-16 19:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() syzbot reports deadlock issue of f2fs as below: ====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted ------------------------------------------------------ kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5dPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19234B8-D413-446B-AEF8-3A02C2A03442",
                     versionEndExcluding: "6.6.64",
                     versionStartIncluding: "6.4.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21434379-192D-472F-9B54-D45E3650E893",
                     versionEndExcluding: "6.11.11",
                     versionStartIncluding: "6.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8882B1B-2ABC-4838-AC1D-DBDBB5764776",
                     versionEndExcluding: "6.12.2",
                     versionStartIncluding: "6.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()\n\nsyzbot reports deadlock issue of f2fs as below:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted\n------------------------------------------------------\nkswapd0/79 is trying to acquire lock:\nffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]\nffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068\n\nbut task is already holding lock:\nffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (sb_internal#2){.+.+}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]\n       __sb_start_write include/linux/fs.h:1716 [inline]\n       sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899\n       f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       dispose_list fs/inode.c:774 [inline]\n       prune_icache_sb+0x239/0x2f0 fs/inode.c:963\n       super_cache_scan+0x38c/0x4b0 fs/super.c:223\n       do_shrink_slab+0x701/0x1160 mm/shrinker.c:435\n       shrink_slab+0x1093/0x14d0 mm/shrinker.c:662\n       shrink_one+0x43b/0x850 mm/vmscan.c:4818\n       shrink_many mm/vmscan.c:4879 [inline]\n       lru_gen_shrink_node mm/vmscan.c:4957 [inline]\n       shrink_node+0x3799/0x3de0 mm/vmscan.c:5937\n       kswapd_shrink_node mm/vmscan.c:6765 [inline]\n       balance_pgdat mm/vmscan.c:6957 [inline]\n       kswapd+0x1ca3/0x3700 mm/vmscan.c:7226\n       kthread+0x2f0/0x390 kernel/kthread.c:389\n       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-> #1 (fs_reclaim){+.+.}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       __fs_reclaim_acquire mm/page_alloc.c:3834 [inline]\n       fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848\n       might_alloc include/linux/sched/mm.h:318 [inline]\n       prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493\n       __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722\n       alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265\n       alloc_pages_noprof mm/mempolicy.c:2345 [inline]\n       folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352\n       filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010\n       do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787\n       read_mapping_folio include/linux/pagemap.h:1011 [inline]\n       f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032\n       f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079\n       f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174\n       f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785\n       write_inode fs/fs-writeback.c:1503 [inline]\n       __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723\n       writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779\n       sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849\n       f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941\n       __fput+0x23f/0x880 fs/file_table.c:431\n       task_work_run+0x24f/0x310 kernel/task_work.c:228\n       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]\n       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n       syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218\n       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n---truncated---",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para evitar un posible bloqueo en f2fs_record_stop_reason() syzbot informa un problema de bloqueo de f2fs como se muestra a continuación: ========================================================= ADVERTENCIA: se detectó una posible dependencia de bloqueo circular 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 No contaminado ------------------------------------------------------ kswapd0/79 está intentando adquirir el bloqueo: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, en: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, en: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 pero la tarea ya tiene el bloqueo: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, en: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [en línea] __sb_start_write include/linux/fs.h:1716 [en línea] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 desalojar+0x4e8/0x9b0 fs/inode.c:725 lista_de_eliminación fs/inode.c:774 [en línea] podar_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 encoger_losa+0x701/0x1160 mm/shrinker.c:435 encoger_losa+0x1093/0x14d0 mm/shrinker.c:662 encoger_uno+0x43b/0x850 mm/vmscan.c:4818 encoger_muchos mm/vmscan.c:4879 [en línea] nodo_de_encogimiento_lru_gen mm/vmscan.c:4957 [en línea] nodo_reducción+0x3799/0x3de0 mm/vmscan.c:5937 nodo_reducción_kswapd mm/vmscan.c:6765 [en línea] balance_pgdat mm/vmscan.c:6957 [en línea] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_de_la_bifurcación+0x4b/0x80 arch/x86/kernel/process.c:147 ret_de_la_bifurcación_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [en línea] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [en línea] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [en línea] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [en línea] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 escritura_inodo fs/fs-writeback.c:1503 [en línea] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 escritura_inversa_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 tarea_trabajo_ejecutar+0x24f/0x310 kernel/tarea_trabajo.c:228 reanudar_modo_usuario_trabajo include/linux/reanudar_modo_usuario.h:50 [en línea] salir_al_bucle_modo_usuario kernel/entrada/común.c:114 [en línea] salir_al_bucle_modo_usuario_preparar include/linux/entrada-común.h:328 [en línea] __syscall_salir_al_modo_usuario_trabajo kernel/entrada/común.c:207 [en línea] syscall_salir_al_modo_usuario_trabajo+0x168/0x370 kernel/entrada/común.c:218 hacer_syscall_64+0x100/0x230 arch/x86/entrada/común.c:89 entrada_SYSCALL_64_after_hwframe+0x77/0x7f ---truncado---",
      },
   ],
   id: "CVE-2024-56744",
   lastModified: "2025-04-16T19:15:52.783",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-12-29T12:15:07.817",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082e",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5d",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-667",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.