-

CVE-2023-54177

In the Linux kernel, the following vulnerability has been resolved:

quota: fix warning in dqgrab()

There's issue as follows when do fault injection:
WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0
Modules linked in:
CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541
RIP: 0010:dquot_disable+0x13b7/0x18c0
RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980
RDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002
RBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000
R10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130
R13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118
FS:  00007f450a073740(0000) GS:ffff88882fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe96f2efd8 CR3: 000000025c8ad000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 dquot_load_quota_sb+0xd53/0x1060
 dquot_resume+0x172/0x230
 ext4_reconfigure+0x1dc6/0x27b0
 reconfigure_super+0x515/0xa90
 __x64_sys_fsconfig+0xb19/0xd20
 do_syscall_64+0x39/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Above issue may happens as follows:
ProcessA              ProcessB                    ProcessC
sys_fsconfig
  vfs_fsconfig_locked
   reconfigure_super
     ext4_remount
      dquot_suspend -> suspend all type quota

                 sys_fsconfig
                  vfs_fsconfig_locked
                    reconfigure_super
                     ext4_remount
                      dquot_resume
                       ret = dquot_load_quota_sb
                        add_dquot_ref
                                           do_open  -> open file O_RDWR
                                            vfs_open
                                             do_dentry_open
                                              get_write_access
                                               atomic_inc_unless_negative(&inode->i_writecount)
                                              ext4_file_open
                                               dquot_file_open
                                                dquot_initialize
                                                  __dquot_initialize
                                                   dqget
						    atomic_inc(&dquot->dq_count);

                          __dquot_initialize
                           __dquot_initialize
                            dqget
                             if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
                               ext4_acquire_dquot
			        -> Return error DQ_ACTIVE_B flag isn't set
                         dquot_disable
			  invalidate_dquots
			   if (atomic_read(&dquot->dq_count))
	                    dqgrab
			     WARN_ON_ONCE(!test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
	                      -> Trigger warning

In the above scenario, 'dquot->dq_flags' has no DQ_ACTIVE_B is normal when
dqgrab().
To solve above issue just replace the dqgrab() use in invalidate_dquots() with
atomic_inc(&dquot->dq_count).
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 6478eabc92274efae6269da7c515ba2b4c8e88d8
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < 965bad2bf1afef64ec16249da676dc7310cca32e
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < 3f378783c47b5749317ea008d8c931d6d3986d8f
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < cbaebbba722cb9738c55903efce11f51cdd97bee
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < 579d814de87c3cac69c9b261efa165d07cde3357
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < 6432843debe1ec7d76c5b2f76c67f9c5df22436e
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < 6f4e543d277a12dfeff027e6ab24a170e1bfc160
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version < d6a95db3c7ad160bc16b89e36449705309b52bcb
Version 9f985cb6c45bc3f8b7e161c9658d409d051d576f
Status affected
Version b5258061a2a8f657aa5900dd3c1ded9e868e3544
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.15
Status affected
Version < 3.15
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.324
Status unaffected
Version <= 4.19.*
Version 4.19.293
Status unaffected
Version <= 5.4.*
Version 5.4.255
Status unaffected
Version <= 5.10.*
Version 5.10.192
Status unaffected
Version <= 5.15.*
Version 5.15.123
Status unaffected
Version <= 6.1.*
Version 6.1.42
Status unaffected
Version <= 6.4.*
Version 6.4.7
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.