-

CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved:

udf: Avoid double brelse() in udf_rename()

syzbot reported a warning like below [1]:

VFS: brelse: Trying to free free buffer
WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 __brelse+0x67/0xa0
...
Call Trace:
 <TASK>
 invalidate_bh_lru+0x99/0x150
 smp_call_function_many_cond+0xe2a/0x10c0
 ? generic_remap_file_range_prep+0x50/0x50
 ? __brelse+0xa0/0xa0
 ? __mutex_lock+0x21c/0x12d0
 ? smp_call_on_cpu+0x250/0x250
 ? rcu_read_lock_sched_held+0xb/0x60
 ? lock_release+0x587/0x810
 ? __brelse+0xa0/0xa0
 ? generic_remap_file_range_prep+0x50/0x50
 on_each_cpu_cond_mask+0x3c/0x80
 blkdev_flush_mapping+0x13a/0x2f0
 blkdev_put_whole+0xd3/0xf0
 blkdev_put+0x222/0x760
 deactivate_locked_super+0x96/0x160
 deactivate_super+0xda/0x100
 cleanup_mnt+0x222/0x3d0
 task_work_run+0x149/0x240
 ? task_work_cancel+0x30/0x30
 do_exit+0xb29/0x2a40
 ? reacquire_held_locks+0x4a0/0x4a0
 ? do_raw_spin_lock+0x12a/0x2b0
 ? mm_update_next_owner+0x7c0/0x7c0
 ? rwlock_bug.part.0+0x90/0x90
 ? zap_other_threads+0x234/0x2d0
 do_group_exit+0xd0/0x2a0
 __x64_sys_exit_group+0x3a/0x50
 do_syscall_64+0x34/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The cause of the issue is that brelse() is called on both ofibh.sbh
and ofibh.ebh by udf_find_entry() when it returns NULL.  However,
brelse() is called by udf_rename(), too.  So, b_count on buffer_head
becomes unbalanced.

This patch fixes the issue by not calling brelse() by udf_rename()
when udf_find_entry() returns NULL.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 78eba2778ae10fb2a9d450e14d26eb6f6bf1f906
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < 9d2cad69547abea961fa80426d600b861de1952b
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < d6da7ec0f94f5208c848e0e94b70f54a0bd9c587
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < 156d440dea97deada629bb51cb17887abd862605
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < 40dba68d418237b1ae2beaa06d46a94dd946278e
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < e7a6a53c871460727be09f4414ccb29fb8697526
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < 4fca09045509f5bde8fc28e68fbca38cb4bdcf2e
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < 090bf49833c51da297ec74f98ad2bf44daea9311
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
Version < c791730f2554a9ebb8f18df9368dc27d4ebc38c2
Version 231473f6ddcef9c01993e0bfe36acc6f8e425c31
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.2
Status affected
Version < 4.2
Version 0
Status unaffected
Version <= 4.9.*
Version 4.9.337
Status unaffected
Version <= 4.14.*
Version 4.14.303
Status unaffected
Version <= 4.19.*
Version 4.19.270
Status unaffected
Version <= 5.4.*
Version 5.4.229
Status unaffected
Version <= 5.10.*
Version 5.10.163
Status unaffected
Version <= 5.15.*
Version 5.15.86
Status unaffected
Version <= 6.0.*
Version 6.0.16
Status unaffected
Version <= 6.1.*
Version 6.1.2
Status unaffected
Version <= *
Version 6.2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.