Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-56744

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/12/2024
Last modified:
16/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()<br /> <br /> syzbot reports deadlock issue of f2fs as below:<br /> <br /> ======================================================<br /> WARNING: possible circular locking dependency detected<br /> 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted<br /> ------------------------------------------------------<br /> kswapd0/79 is trying to acquire lock:<br /> ffff888011824088 (&amp;sbi-&gt;sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]<br /> ffff888011824088 (&amp;sbi-&gt;sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068<br /> <br /> but task is already holding lock:<br /> ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842<br /> <br /> which lock already depends on the new lock.<br /> <br /> the existing dependency chain (in reverse order) is:<br /> <br /> -&gt; #2 (sb_internal#2){.+.+}-{0:0}:<br /> lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825<br /> percpu_down_read include/linux/percpu-rwsem.h:51 [inline]<br /> __sb_start_write include/linux/fs.h:1716 [inline]<br /> sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899<br /> f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842<br /> evict+0x4e8/0x9b0 fs/inode.c:725<br /> f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807<br /> evict+0x4e8/0x9b0 fs/inode.c:725<br /> dispose_list fs/inode.c:774 [inline]<br /> prune_icache_sb+0x239/0x2f0 fs/inode.c:963<br /> super_cache_scan+0x38c/0x4b0 fs/super.c:223<br /> do_shrink_slab+0x701/0x1160 mm/shrinker.c:435<br /> shrink_slab+0x1093/0x14d0 mm/shrinker.c:662<br /> shrink_one+0x43b/0x850 mm/vmscan.c:4818<br /> shrink_many mm/vmscan.c:4879 [inline]<br /> lru_gen_shrink_node mm/vmscan.c:4957 [inline]<br /> shrink_node+0x3799/0x3de0 mm/vmscan.c:5937<br /> kswapd_shrink_node mm/vmscan.c:6765 [inline]<br /> balance_pgdat mm/vmscan.c:6957 [inline]<br /> kswapd+0x1ca3/0x3700 mm/vmscan.c:7226<br /> kthread+0x2f0/0x390 kernel/kthread.c:389<br /> ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147<br /> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244<br /> <br /> -&gt; #1 (fs_reclaim){+.+.}-{0:0}:<br /> lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825<br /> __fs_reclaim_acquire mm/page_alloc.c:3834 [inline]<br /> fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848<br /> might_alloc include/linux/sched/mm.h:318 [inline]<br /> prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493<br /> __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722<br /> alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265<br /> alloc_pages_noprof mm/mempolicy.c:2345 [inline]<br /> folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352<br /> filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010<br /> do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787<br /> read_mapping_folio include/linux/pagemap.h:1011 [inline]<br /> f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032<br /> f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079<br /> f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174<br /> f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785<br /> write_inode fs/fs-writeback.c:1503 [inline]<br /> __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723<br /> writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779<br /> sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849<br /> f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941<br /> __fput+0x23f/0x880 fs/file_table.c:431<br /> task_work_run+0x24f/0x310 kernel/task_work.c:228<br /> resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]<br /> exit_to_user_mode_loop kernel/entry/common.c:114 [inline]<br /> exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]<br /> __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]<br /> syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218<br /> do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4.4 (including) 6.6.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12 (including) 6.12.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools