fkie_cve-2024-42149
Vulnerability from fkie_nvd
Published
2024-07-30 08:15
Modified
2024-12-09 23:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: don't misleadingly warn during thaw operations
The block device may have been frozen before it was claimed by a
filesystem. Concurrently another process might try to mount that
frozen block device and has temporarily claimed the block device for
that purpose causing a concurrent fs_bdev_thaw() to end up here. The
mounter is already about to abort mounting because they still saw an
elevanted bdev->bd_fsfreeze_count so get_bdev_super() will return
NULL in that case.
For example, P1 calls dm_suspend() which calls into bdev_freeze() before
the block device has been claimed by the filesystem. This brings
bdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() is
required.
Now P2 tries to mount that frozen block device. It claims it and checks
bdev->bd_fsfreeze_count. As it's elevated it aborts mounting.
In the meantime P3 called dm_resume(). P3 sees that the block device is
already claimed by a filesystem and calls into fs_bdev_thaw().
P3 takes a passive reference and realizes that the filesystem isn't
ready yet. P3 puts itself to sleep to wait for the filesystem to become
ready.
P2 now puts the last active reference to the filesystem and marks it as
dying. P3 gets woken, sees that the filesystem is dying and
get_bdev_super() fails.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 6.10 | |
linux | linux_kernel | 6.10 | |
linux | linux_kernel | 6.10 | |
linux | linux_kernel | 6.10 | |
linux | linux_kernel | 6.10 | |
linux | linux_kernel | 6.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5726EB4D-ED18-4DEC-B0C0-A525D33487E1", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.8", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: don\u0027t misleadingly warn during thaw operations\n\nThe block device may have been frozen before it was claimed by a\nfilesystem. Concurrently another process might try to mount that\nfrozen block device and has temporarily claimed the block device for\nthat purpose causing a concurrent fs_bdev_thaw() to end up here. The\nmounter is already about to abort mounting because they still saw an\nelevanted bdev-\u003ebd_fsfreeze_count so get_bdev_super() will return\nNULL in that case.\n\nFor example, P1 calls dm_suspend() which calls into bdev_freeze() before\nthe block device has been claimed by the filesystem. This brings\nbdev-\u003ebd_fsfreeze_count to 1 and no call into fs_bdev_freeze() is\nrequired.\n\nNow P2 tries to mount that frozen block device. It claims it and checks\nbdev-\u003ebd_fsfreeze_count. As it\u0027s elevated it aborts mounting.\n\nIn the meantime P3 called dm_resume(). P3 sees that the block device is\nalready claimed by a filesystem and calls into fs_bdev_thaw().\n\nP3 takes a passive reference and realizes that the filesystem isn\u0027t\nready yet. P3 puts itself to sleep to wait for the filesystem to become\nready.\n\nP2 now puts the last active reference to the filesystem and marks it as\ndying. P3 gets woken, sees that the filesystem is dying and\nget_bdev_super() fails." }, { "lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: fs: no advierta de manera enga\u00f1osa durante las operaciones de descongelaci\u00f3n. Es posible que el dispositivo de bloque se haya congelado antes de que un sistema de archivos lo reclamara. Al mismo tiempo, otro proceso podr\u00eda intentar montar ese dispositivo de bloque congelado y ha reclamado temporalmente el dispositivo de bloque para ese prop\u00f3sito, lo que provoca que un fs_bdev_thaw() concurrente termine aqu\u00ed. El montador ya est\u00e1 a punto de cancelar el montaje porque todav\u00eda vio un bdev-\u0026gt;bd_fsfreeze_count elevado, por lo que get_bdev_super() devolver\u00e1 NULL en ese caso. Por ejemplo, P1 llama a dm_suspend(), que llama a bdev_freeze() antes de que el sistema de archivos haya reclamado el dispositivo de bloque. Esto lleva bdev-\u0026gt;bd_fsfreeze_count a 1 y no se requiere ninguna llamada a fs_bdev_freeze(). Ahora P2 intenta montar ese dispositivo de bloque congelado. Lo reclama y comprueba bdev-\u0026gt;bd_fsfreeze_count. Al estar elevado se aborta el montaje. Mientras tanto, P3 llam\u00f3 a dm_resume(). P3 ve que el dispositivo de bloque ya est\u00e1 reclamado por un sistema de archivos y llama a fs_bdev_thaw(). P3 toma una referencia pasiva y se da cuenta de que el sistema de archivos a\u00fan no est\u00e1 listo. P3 se pone en modo de suspensi\u00f3n para esperar a que el sistema de archivos est\u00e9 listo. P2 ahora coloca la \u00faltima referencia activa al sistema de archivos y lo marca como moribundo. P3 se despierta, ve que el sistema de archivos est\u00e1 muriendo y get_bdev_super() falla." } ], "id": "CVE-2024-42149", "lastModified": "2024-12-09T23:05:27.663", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-30T08:15:06.543", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/25b1e3906e050d452427bc51620bb7f0a591373a" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/2ae4db5647d807efb6a87c09efaa6d1db9c905d7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/25b1e3906e050d452427bc51620bb7f0a591373a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/2ae4db5647d807efb6a87c09efaa6d1db9c905d7" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…