5.5

CVE-2024-26685

nilfs2: fix potential bug in end_buffer_async_write

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential bug in end_buffer_async_write

According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write().  But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.

This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent.  However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device.  This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.

The use of async_write for segment summary buffers has already been
removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.2.52 < 3.3
LinuxLinux Kernel Version >= 3.4.83 < 3.5
LinuxLinux Kernel Version >= 3.10.16 < 3.11
LinuxLinux Kernel Version >= 3.11.5 < 4.19.307
LinuxLinux Kernel Version >= 4.20 < 5.4.269
LinuxLinux Kernel Version >= 5.5 < 5.10.210
LinuxLinux Kernel Version >= 5.11 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.79
LinuxLinux Kernel Version >= 6.2 < 6.6.18
LinuxLinux Kernel Version >= 6.7 < 6.7.6
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.16
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803
Patch
https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b
Patch
https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff
Patch
https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab
Patch
https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8
Patch
https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928
Patch
https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd
Patch
https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596
Patch