[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024041740-CVE-2024-26878-5748@gregkh>
Date: Wed, 17 Apr 2024 12:28:53 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26878: quota: Fix potential NULL pointer dereference
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
quota: Fix potential NULL pointer dereference
Below race may cause NULL pointer dereference
P1 P2
dquot_free_inode quota_off
drop_dquot_ref
remove_dquot_ref
dquots = i_dquot(inode)
dquots = i_dquot(inode)
srcu_read_lock
dquots[cnt]) != NULL (1)
dquots[type] = NULL (2)
spin_lock(&dquots[cnt]->dq_dqb_lock) (3)
....
If dquot_free_inode(or other routines) checks inode's quota pointers (1)
before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer
dereference will be triggered.
So let's fix it by using a temporary pointer to avoid this issue.
The Linux kernel CVE team has assigned CVE-2024-26878 to this issue.
Affected and fixed versions
===========================
Fixed in 4.19.311 with commit 8514899c1a4e
Fixed in 5.4.273 with commit 49669f8e7eb0
Fixed in 5.10.214 with commit 61380537aa6d
Fixed in 5.15.153 with commit 1ca72a3de915
Fixed in 6.1.83 with commit 7f9e833fc0f9
Fixed in 6.6.23 with commit 40a673b4b07e
Fixed in 6.7.11 with commit f2649d98aa9c
Fixed in 6.8.2 with commit 6afc9f4434fa
Fixed in 6.9-rc1 with commit d0aa72604fbd
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-26878
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/quota/dquot.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1
https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0
https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0
https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25
https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754
https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5
https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7
https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877
https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f
Powered by blists - more mailing lists