We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-46701

libfs: fix infinite directory reads for offset dir



Description

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free key starting with octx->newx_offset, and then set newx_offset equals to free key + 1. This will lead to infinite readdir combine with rename happened at the same time, which fail generic/736 in xfstests(detail show as below). 1. create 5000 files(1 2 3...) under one dir 2. call readdir(man 3 readdir) once, and get one entry 3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry) 4. loop 2~3, until readdir return nothing or we loop too many times(tmpfs break test with the second condition) We choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite directory reads") to fix it, record the last_index when we open dir, and do not emit the entry which index >= last_index. The file->private_data now used in offset dir can use directly to do this, and we also update the last_index when we llseek the dir file. [brauner: only update last_index after seek when offset is zero like Jan suggested]

Reserved 2024-09-11 | Published 2024-09-13 | Updated 2024-11-05 | Assigner Linux

Product status

Default status
unaffected

a2e459555c5f before 308b4fc2403b
affected

a2e459555c5f before 64a7ce76fb90
affected

Default status
affected

6.6
affected

Any version before 6.6
unaffected

6.10.7
unaffected

6.11
unaffected

References

git.kernel.org/...c/308b4fc2403b335894592ee9dc212a5e58bb309f

git.kernel.org/...c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a

cve.org (CVE-2024-46701)

nvd.nist.gov (CVE-2024-46701)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-46701

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.