lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 17 Apr 2024 12:14:55 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26848: afs: Fix endless loop in directory parsing

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only ".__afsXXXX" files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context.  This leads to
afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.

The symptoms are a soft lookup:

        watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
        ...
        RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
        ...
         ? watchdog_timer_fn+0x1a6/0x213
        ...
         ? asm_sysvec_apic_timer_interrupt+0x16/0x20
         ? afs_dir_iterate_block+0x39/0x1fd
         afs_dir_iterate+0x10a/0x148
         afs_readdir+0x30/0x4a
         iterate_dir+0x93/0xd3
         __do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

        https://bugzilla.kernel.org/show_bug.cgi?id=218496

The Linux kernel CVE team has assigned CVE-2024-26848 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.4.269 with commit 01d15b68f041 and fixed in 5.4.271 with commit 5c78be006ed9
	Issue introduced in 5.4.269 with commit 01d15b68f041 and fixed in 5.4.273 with commit 854ebf45a4dd
	Issue introduced in 5.10.210 with commit 8499e2f1218e and fixed in 5.10.212 with commit 96370ba395c5
	Issue introduced in 5.10.210 with commit 8499e2f1218e and fixed in 5.10.214 with commit b94f434fe977
	Issue introduced in 5.15.149 with commit 21a2115e0ca0 and fixed in 5.15.151 with commit 80b15346492b
	Issue introduced in 5.15.149 with commit 21a2115e0ca0 and fixed in 5.15.153 with commit a6ffae61ad9e
	Issue introduced in 6.1.76 with commit ab49164c6080 and fixed in 6.1.81 with commit 058ed71e0f7a
	Issue introduced in 6.1.76 with commit ab49164c6080 and fixed in 6.1.83 with commit 76426abf9b98
	Issue introduced in 6.6.15 with commit a53411e805e0 and fixed in 6.6.21 with commit f67898867b6b
	Issue introduced in 6.6.15 with commit a53411e805e0 and fixed in 6.6.23 with commit 106e14ca55a0
	Issue introduced in 6.7.3 with commit fa70c6954aab and fixed in 6.7.9 with commit fe02316e4933
	Issue introduced in 6.7.3 with commit fa70c6954aab and fixed in 6.7.11 with commit 9c41f4935625
	Issue introduced in 6.8 with commit 57e9d49c5452 and fixed in 6.8.2 with commit 2afdd0cb0232

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26848
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/afs/dir.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31
	https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a
	https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0
	https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064
	https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b
	https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27
	https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470
	https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863
	https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a
	https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05
	https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec
	https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809
	https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4
	https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ