5.5

CVE-2023-53440

nilfs2: fix sysfs interface lifetime

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix sysfs interface lifetime

The current nilfs2 sysfs support has issues with the timing of creation
and deletion of sysfs entries, potentially leading to null pointer
dereferences, use-after-free, and lockdep warnings.

Some of the sysfs attributes for nilfs2 per-filesystem instance refer to
metadata file "cpfile", "sufile", or "dat", but
nilfs_sysfs_create_device_group that creates those attributes is executed
before the inodes for these metadata files are loaded, and
nilfs_sysfs_delete_device_group which deletes these sysfs entries is
called after releasing their metadata file inodes.

Therefore, access to some of these sysfs attributes may occur outside of
the lifetime of these metadata files, resulting in inode NULL pointer
dereferences or use-after-free.

In addition, the call to nilfs_sysfs_create_device_group() is made during
the locking period of the semaphore "ns_sem" of nilfs object, so the
shrinker call caused by the memory allocation for the sysfs entries, may
derive lock dependencies "ns_sem" -> (shrinker) -> "locks acquired in
nilfs_evict_inode()".

Since nilfs2 may acquire "ns_sem" deep in the call stack holding other
locks via its error handler __nilfs_error(), this causes lockdep to report
circular locking.  This is a false positive and no circular locking
actually occurs as no inodes exist yet when
nilfs_sysfs_create_device_group() is called.  Fortunately, the lockdep
warnings can be resolved by simply moving the call to
nilfs_sysfs_create_device_group() out of "ns_sem".

This fixes these sysfs issues by revising where the device's sysfs
interface is created/deleted and keeping its lifetime within the lifetime
of the metadata files above.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.17 < 4.14.313
LinuxLinux Kernel Version >= 4.15 < 4.19.281
LinuxLinux Kernel Version >= 4.20 < 5.4.241
LinuxLinux Kernel Version >= 5.5 < 5.10.178
LinuxLinux Kernel Version >= 5.11 < 5.15.107
LinuxLinux Kernel Version >= 5.16 < 6.1.24
LinuxLinux Kernel Version >= 6.2 < 6.2.11
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
LinuxLinux Kernel Version6.3 Updaterc3
LinuxLinux Kernel Version6.3 Updaterc4
LinuxLinux Kernel Version6.3 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.03
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1942ccb7d95f287a312fcbabfa8bc9ba501b1953
Patch
https://git.kernel.org/stable/c/3dbee84bf9e3273c4bb9ca6fc18ff22fba23dd24
Patch
https://git.kernel.org/stable/c/42560f9c92cc43dce75dbf06cc0d840dced39b12
Patch
https://git.kernel.org/stable/c/5fe0ea141fbb887d407f1bf572ebf24427480d5c
Patch
https://git.kernel.org/stable/c/83b16a60e413148685739635901937e2f16a7873
Patch
https://git.kernel.org/stable/c/d20dcec8f326deb77b6688f8441e014045dac457
Patch
https://git.kernel.org/stable/c/d540aea451ab5489777a8156560f1388449b3109
Patch
https://git.kernel.org/stable/c/daf4eb3a908b108279b60172d2f176e70d2df875
Patch