CVE-2024-27058

Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 01/05/2024
Last modified: 08/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

tmpfs: fix race on handling dquot rbtree

A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree.

Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts:

Thread 1                                Thread 2
- shmem_release_dquot()                 - shmem_{acquire,release}_dquot()

- fetch ROOT                            - Fetch ROOT

                                        - acquire dqio_sem
- wait dqio_sem

                                        - do something, trigger a tree rebalance
                                        - release dqio_sem

- acquire dqio_sem
- start searching for the node, but
  from the wrong location, missing
  the node, and triggering a warning.
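The interleaving described above, replayed deterministically in user space as an added example (it is not the kernel's code or the patch). The struct names, the three-node tree, the `early` flag and the use of a left rotation to stand in for the rebalance are assumptions made for illustration; the dqio_sem hand-off is modelled by call order rather than by a real lock.

```c
/* Added illustration: single-threaded replay of the race, not kernel code. */
#include <stdio.h>
struct node { unsigned id; struct node *left, *right; };
struct tree { struct node *root; };

/* Constructed sample: right-leaning chain 10 -> 20 -> 30, root is 10. */
static void build(struct tree *t, struct node n[3])
{
    n[0] = (struct node){10, NULL, &n[1]};
    n[1] = (struct node){20, NULL, &n[2]};
    n[2] = (struct node){30, NULL, NULL};
    t->root = &n[0];
}

static struct node *search(struct node *n, unsigned id)
{
    while (n && n->id != id)
        n = id < n->id ? n->left : n->right;
    return n;
}

/* Thread 2: with dqio_sem held, a rebalance (left rotation) moves the root. */
static void thread2_rebalance(struct tree *t)
{
    struct node *old = t->root, *top = old->right;
    old->right = top->left;
    top->left = old;
    t->root = top;
}

/* Thread 1: early=1 fetches ROOT before taking dqio_sem (racy), 0 after. */
static struct node *thread1_release(struct tree *t, unsigned id, int early)
{
    struct node *start = early ? t->root : NULL; /* unprotected fetch */
    thread2_rebalance(t);     /* thread 1 waits on dqio_sem, thread 2 runs */
    if (!early)
        start = t->root;      /* fetch ROOT with dqio_sem held */
    return search(start, id); /* NULL is the "node not found" warning path */
}

int main(void)
{
    struct node n[3]; struct tree t;
    build(&t, n);
    printf("racy:  %s\n", thread1_release(&t, 30, 1) ? "found" : "missed");
    build(&t, n);
    printf("fixed: %s\n", thread1_release(&t, 30, 0) ? "found" : "missed");
    return 0;
}
```

In the racy order the search starts at the old root (10), which the rotation has demoted to a leaf, so node 30 is missed even though it is still in the tree.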

Vulnerable products and versions

CPE                                                 From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.6 (including)    6.6.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7 (including)    6.7.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.8 (including)    6.8.3 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*