THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-27058

tmpfs: fix race on handling dquot rbtree

Reserved:2024-02-19
Published:2024-05-01
Updated:2024-05-13

Description

In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot() - fetch ROOT - Fetch ROOT - acquire dqio_sem - wait dqio_sem - do something, triger a tree rebalance - release dqio_sem - acquire dqio_sem - start searching for the node, but from the wrong location, missing the node, and triggering a warning.

Product status

Default status
unaffected

eafc474e2029 before c7077f43f30d
affected

eafc474e2029 before 617d55b90e73
affected

eafc474e2029 before f82f184874d2
affected

eafc474e2029 before 0a69b6b3a026
affected

Default status
affected

6.6
affected

Any version before 6.6
unaffected

6.6.24
unaffected

6.7.12
unaffected

6.8.3
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0

https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb

https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810

https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2

cve.org CVE-2024-27058

nvd.nist.gov CVE-2024-27058

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-27058