| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 12:28:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26878: quota: Fix potential NULL pointer dereference Description =========== In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer dereference will be triggered. So let's fix it by using a temporary pointer to avoid this issue. The Linux kernel CVE team has assigned CVE-2024-26878 to this issue. Affected and fixed versions =========================== Fixed in 4.19.311 with commit 8514899c1a4e Fixed in 5.4.273 with commit 49669f8e7eb0 Fixed in 5.10.214 with commit 61380537aa6d Fixed in 5.15.153 with commit 1ca72a3de915 Fixed in 6.1.83 with commit 7f9e833fc0f9 Fixed in 6.6.23 with commit 40a673b4b07e Fixed in 6.7.11 with commit f2649d98aa9c Fixed in 6.8.2 with commit 6afc9f4434fa Fixed in 6.9-rc1 with commit d0aa72604fbd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26878 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/quota/dquot.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f
Powered by blists - more mailing lists