4.7

CVE-2024-50006

EPSS 0.03%
Veröffentlicht 21.10.2024 19:15:04
Zuletzt bearbeitet 03.11.2025 23:16:39
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

Fuzzing reports a possible deadlock in jbd2_log_wait_commit.

This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require
synchronous updates because the file descriptor is opened with O_SYNC.
This can lead to the jbd2_journal_stop() function calling
jbd2_might_wait_for_commit(), potentially causing a deadlock if the
EXT4_IOC_MIGRATE call races with a write(2) system call.

This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this
case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the
jbd2_journal_stop function while i_data_sem is locked. This triggers
lockdep because the jbd2_journal_start function might also lock the same
jbd2_handle simultaneously.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Rule: add

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.227

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.168

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.113

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.55

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.14

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/3c46d6060d3e38de22196c1fe7706c5a3c696285

https://git.kernel.org/stable/c/4192adefc9c570698821c5eb9873320eac2fcbf1

https://git.kernel.org/stable/c/53b1999cfd2c7addf2e581a32865fe8835467b44

Patch

https://git.kernel.org/stable/c/6252cb6bde7fc76cb8dcb49d1def7c326b190820

Patch

https://git.kernel.org/stable/c/9fedf51ab8cf7b69bff08f37fe0989fec7f5d870

Patch

https://git.kernel.org/stable/c/cc749e61c011c255d81b192a822db650c68b313f

Patch

https://git.kernel.org/stable/c/d43776b907659affef1de888525847d64b244194

Patch

https://git.kernel.org/stable/c/d58a00e981d3118b91d503da263e640b7cde6729

Patch

https://git.kernel.org/stable/c/ef05572da0c0eb89614ed01cc17d3c882bdbd1ff

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-50006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50006

EUVD