CVE-2024-53690

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nilfs2: prevent use of deleted inode<br /> <br /> syzbot reported a WARNING in nilfs_rmdir. [1]<br /> <br /> Because the inode bitmap is corrupted, an inode with an inode number that<br /> should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0",<br /> causing an inode duplication during execution. And this causes an<br /> underflow of i_nlink in rmdir operations.<br /> <br /> The inode is used twice by the same task to unmount and remove directories<br /> ".nilfs" and "file0", it trigger warning in nilfs_rmdir.<br /> <br /> Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means<br /> that this inode has been deleted, and iput is executed to reclaim it.<br /> <br /> [1]<br /> WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407<br /> ...<br /> Call Trace:<br /> <br /> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342<br /> vfs_rmdir+0x3a3/0x510 fs/namei.c:4394<br /> do_rmdir+0x3b5/0x580 fs/namei.c:4453<br /> __do_sys_rmdir fs/namei.c:4472 [inline]<br /> __se_sys_rmdir fs/namei.c:4470 [inline]<br /> __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f