CVE-2024-56755

EPSS 0.02%
Veröffentlicht 29.12.2024 12:15:09
Zuletzt bearbeitet 03.11.2025 21:18:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

In the Linux kernel, the following vulnerability has been resolved:

netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

In fscache_create_volume(), there is a missing memory barrier between the
bit-clearing operation and the wake-up operation. This may cause a
situation where, after a wake-up, the bit-clearing operation hasn't been
detected yet, leading to an indefinite wait. The triggering process is as
follows:

  [cookie1]                [cookie2]                  [volume_work]
fscache_perform_lookup
  fscache_create_volume
                        fscache_perform_lookup
                          fscache_create_volume
			                        fscache_create_volume_work
                                                  cachefiles_acquire_volume
                                                  clear_and_wake_up_bit
    test_and_set_bit
                            test_and_set_bit
                              goto maybe_wait
      goto no_wait

In the above process, cookie1 and cookie2 has the same volume. When cookie1
enters the -no_wait- process, it will clear the bit and wake up the waiting
process. If a barrier is missing, it may cause cookie2 to remain in the
-wait- process indefinitely.

In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in
fscache_create_volume_work()"), barriers were added to similar operations
in fscache_create_volume_work(), but fscache_create_volume() was missed.

By combining the clear and wake operations into clear_and_wake_up_bit() to
fix this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 4 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.17 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.64

Linux ≫ Linux Kernel Version >= 6.7 < 6.11.11

Linux ≫ Linux Kernel Version >= 6.12 < 6.12.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/22f9400a6f3560629478e0a64247b8fcc811a24d

Patch

https://git.kernel.org/stable/c/539fabba965e119b98066fc6ba5257b5eaf4eda2

Patch

https://git.kernel.org/stable/c/8beb682cc9a0798a280bbb95e3e41617237090b2

Patch

https://git.kernel.org/stable/c/8cc1df3113cb71a0df2c46dd5b102c9e11c8a8c6

Patch

https://git.kernel.org/stable/c/ddab02607eed9e415dc62fde421d4329e5345315

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-56755