fkie_cve-2025-21654
Vulnerability from fkie_nvd
Published
2025-01-19 11:15
Modified
2025-01-24 16:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches. The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion. As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events. As Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle. Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3c7c90274ae339e1ad443c9be1c67a20b80b9c76
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c45beebfde34aa71afbc48b2c54cdda623515037
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f0c0ac84de17c37e6e84da65fb920f91dada55ad
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: support encoding fid from inode with no alias\n\nDmitry Safonov reported that a WARN_ON() assertion can be trigered by\nuserspace when calling inotify_show_fdinfo() for an overlayfs watched\ninode, whose dentry aliases were discarded with drop_caches.\n\nThe WARN_ON() assertion in inotify_show_fdinfo() was removed, because\nit is possible for encoding file handle to fail for other reason, but\nthe impact of failing to encode an overlayfs file handle goes beyond\nthis assertion.\n\nAs shown in the LTP test case mentioned in the link below, failure to\nencode an overlayfs file handle from a non-aliased inode also leads to\nfailure to report an fid with FAN_DELETE_SELF fanotify events.\n\nAs Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails\nif it cannot find an alias for the inode, but this failure can be fixed.\novl_encode_fh() seldom uses the alias and in the case of non-decodable\nfile handles, as is often the case with fanotify fid info,\novl_encode_fh() never needs to use the alias to encode a file handle.\n\nDefer finding an alias until it is actually needed so ovl_encode_fh()\nwill not fail in the common case of FAN_DELETE_SELF fanotify events."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ovl: soporte para codificar fid desde un inodo sin alias Dmitry Safonov inform\u00f3 que una aserci\u00f3n WARN_ON() puede ser activada por el espacio de usuario al llamar a inotify_show_fdinfo() para un inodo vigilado por overlayfs, cuyos alias dentry se descartaron con drop_caches. La aserci\u00f3n WARN_ON() en inotify_show_fdinfo() se elimin\u00f3, porque es posible que la codificaci\u00f3n del identificador de archivo falle por otra raz\u00f3n, pero el impacto de no codificar un identificador de archivo overlayfs va m\u00e1s all\u00e1 de esta aserci\u00f3n. Como se muestra en el caso de prueba LTP mencionado en el enlace a continuaci\u00f3n, no codificar un identificador de archivo overlayfs desde un inodo sin alias tambi\u00e9n conduce a no informar un fid con eventos fanotify FAN_DELETE_SELF. Como Dmitry se\u00f1ala en su an\u00e1lisis del problema, ovl_encode_fh() falla si no puede encontrar un alias para el inodo, pero este error se puede solucionar. ovl_encode_fh() rara vez usa el alias y en el caso de identificadores de archivos no decodificables, como suele ser el caso con la informaci\u00f3n de fid de fanotify, ovl_encode_fh() nunca necesita usar el alias para codificar un identificador de archivo. Aplaza la b\u00fasqueda de un alias hasta que realmente sea necesario para que ovl_encode_fh() no falle en el caso com\u00fan de eventos de fanotify FAN_DELETE_SELF."
    }
  ],
  "id": "CVE-2025-21654",
  "lastModified": "2025-01-24T16:15:38.177",
  "metrics": {},
  "published": "2025-01-19T11:15:11.040",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3c7c90274ae339e1ad443c9be1c67a20b80b9c76"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c45beebfde34aa71afbc48b2c54cdda623515037"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f0c0ac84de17c37e6e84da65fb920f91dada55ad"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.