CVE-2024-49875
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

nfsd: map the EBADMSG to nfserr_io to avoid warning

Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
occurs, resulting in the following WARNING.

Fix it by mapping EBADMSG to nfserr_io.

```
nfsd_buffered_readdir
 iterate_dir // -EBADMSG -74
  ext4_readdir // .iterate_shared
   ext4_dx_readdir
    ext4_htree_fill_tree
     htree_dirblock_to_tree
      ext4_read_dirblock
       __ext4_read_dirblock
        ext4_dirblock_csum_verify
         warn_no_space_for_csum
          __warn_no_space_for_csum
        return ERR_PTR(-EFSBADCRC) // -EBADMSG -74
 nfserrno // WARNING
```

```
[ 161.115610] ------------[ cut here ]------------
[ 161.116465] nfsd: non-standard errno: -74
[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0
[ 161.118596] Modules linked in:
[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138
[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0
[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6 05 ce 2b 61 03 01 e8 99 20 d8 00 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33
[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286
[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a
[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827
[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021
[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8
[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000
[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0
[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 161.141519] PKRU: 55555554
[ 161.142076] Call Trace:
[ 161.142575] ? __warn+0x9b/0x140
[ 161.143229] ? nfserrno+0x9d/0xd0
[ 161.143872] ? report_bug+0x125/0x150
[ 161.144595] ? handle_bug+0x41/0x90
[ 161.145284] ? exc_invalid_op+0x14/0x70
[ 161.146009] ? asm_exc_invalid_op+0x12/0x20
[ 161.146816] ? nfserrno+0x9d/0xd0
[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0
[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380
[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0
[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170
[ 161.151004] ? generic_file_llseek_size+0x48/0x160
[ 161.151895] nfsd_readdir+0x132/0x190
[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380
[ 161.153516] ? nfsd_unlink+0x380/0x380
[ 161.154256] ? override_creds+0x45/0x60
[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0
[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210
[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0
[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0
[ 161.158494] ? lock_downgrade+0x90/0x90
[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10
[ 161.160092] nfsd4_encode_operation+0x15a/0x440
[ 161.160959] nfsd4_proc_compound+0x718/0xe90
[ 161.161818] nfsd_dispatch+0x18e/0x2c0
[ 161.162586] svc_process_common+0x786/0xc50
[ 161.163403] ? nfsd_svc+0x380/0x380
[ 161.164137] ? svc_printk+0x160/0x160
[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380
[ 161.165808] ? nfsd_svc+0x380/0x380
[ 161.166523] ? rcu_is_watching+0x23/0x40
[ 161.167309] svc_process+0x1a5/0x200
[ 161.168019] nfsd+0x1f5/0x380
[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260
[ 161.169554] kthread+0x1c4/0x210
[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80
[ 161.171246] ret_from_fork+0x1f/0x30
```
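
A simplified userspace model of the errno lookup the description refers to, added here as an illustration and not taken from the kernel source or the fix commits. The table contents, the numeric status values, the name `model_nfserrno` and the fallback returning the I/O status are assumptions; the point is that an unmapped errno reaches the warning path, while a mapped `EBADMSG` returns the same I/O status silently.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Illustrative status values for this model only (assumption). */
enum { NFSERR_PERM = 1, NFSERR_NOENT = 2, NFSERR_IO = 5 };

struct errmap { int nfserr; int syserr; };

/* Model of a mapping table that has no entry for EBADMSG. */
static const struct errmap map_before[] = {
    { NFSERR_PERM,  -EPERM  },
    { NFSERR_NOENT, -ENOENT },
    { NFSERR_IO,    -EIO    },
};

/* Same table with EBADMSG mapped to the I/O status, as the fix describes. */
static const struct errmap map_after[] = {
    { NFSERR_PERM,  -EPERM   },
    { NFSERR_NOENT, -ENOENT  },
    { NFSERR_IO,    -EIO     },
    { NFSERR_IO,    -EBADMSG },
};

/* Counts fallback hits; stands in for the kernel WARNING in this model. */
static int warnings;

static int model_nfserrno(const struct errmap *map, size_t n, int syserr)
{
    for (size_t i = 0; i < n; i++)
        if (map[i].syserr == syserr)
            return map[i].nfserr;
    /* Unmapped errno: report it and fall back to the I/O status (assumption). */
    warnings++;
    fprintf(stderr, "nfsd: non-standard errno: %d\n", syserr);
    return NFSERR_IO;
}

int main(void)
{
    int before = model_nfserrno(map_before, ARRAY_LEN(map_before), -EBADMSG);
    int hits_before = warnings;
    int after = model_nfserrno(map_after, ARRAY_LEN(map_after), -EBADMSG);
    printf("before: status=%d warnings=%d\n", before, hits_before);
    printf("after:  status=%d warnings=%d\n", after, warnings - hits_before);
    return 0;
}
```
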
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.227 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.168 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.113 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.55 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.3 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2
- https://git.kernel.org/stable/c/340e61e44c1d2a15c42ec72ade9195ad525fd048
- https://git.kernel.org/stable/c/6fe058502f8864649c3d614b06b2235223798f48
- https://git.kernel.org/stable/c/825789ca94602543101045ad3aad19b2b60c6b2a
- https://git.kernel.org/stable/c/c76005adfa93d1a027433331252422078750321f
- https://git.kernel.org/stable/c/e9cfecca22a36b927a440abc6307efb9e138fed5
- https://git.kernel.org/stable/c/f7d8ee9db94372b8235f5f22bb24381891594c42
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html



