5.5

CVE-2023-53526

jbd2: check 'jh->b_transaction' before removing it from checkpoint

In the Linux kernel, the following vulnerability has been resolved:

jbd2: check 'jh->b_transaction' before removing it from checkpoint

Following process will corrupt ext4 image:
Step 1:
jbd2_journal_commit_transaction
 __jbd2_journal_insert_checkpoint(jh, commit_transaction)
 // Put jh into trans1->t_checkpoint_list
 journal->j_checkpoint_transactions = commit_transaction
 // Put trans1 into journal->j_checkpoint_transactions

Step 2:
do_get_write_access
 test_clear_buffer_dirty(bh) // clear buffer dirty,set jbd dirty
 __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2

Step 3:
drop_cache
 journal_shrink_one_cp_list
  jbd2_journal_try_remove_checkpoint
   if (!trylock_buffer(bh))  // lock bh, true
   if (buffer_dirty(bh))     // buffer is not dirty
   __jbd2_journal_remove_checkpoint(jh)
   // remove jh from trans1->t_checkpoint_list

Step 4:
jbd2_log_do_checkpoint
 trans1 = journal->j_checkpoint_transactions
 // jh is not in trans1->t_checkpoint_list
 jbd2_cleanup_journal_tail(journal)  // trans1 is done

Step 5: Power cut, trans2 is not committed, jh is lost in next mounting.

Fix it by checking 'jh->b_transaction' before remove it from checkpoint.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.129 < 5.15.132
LinuxLinux Kernel Version >= 6.1.50 < 6.1.54
LinuxLinux Kernel Version >= 6.4.13 < 6.5
LinuxLinux Kernel Version >= 6.5.1 < 6.5.4
LinuxLinux Kernel Version6.5 Update-
LinuxLinux Kernel Version6.5 Updaterc3
LinuxLinux Kernel Version6.5 Updaterc4
LinuxLinux Kernel Version6.5 Updaterc5
LinuxLinux Kernel Version6.5 Updaterc6
LinuxLinux Kernel Version6.5 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.033
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/2298f2589903a8bc03061b54b31fd97985ab6529
Patch
https://git.kernel.org/stable/c/590a809ff743e7bd890ba5fb36bc38e20a36de53
Patch
https://git.kernel.org/stable/c/dbafe636db415299e54d9dfefc1003bda9e71c9d
Patch
https://git.kernel.org/stable/c/ef5fea70e5915afd64182d155e72bfb4f275e1fc
Patch