| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061956-CVE-2024-38570-a8ef@gregkh> Date: Wed, 19 Jun 2024 15:36:19 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount Description =========== In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead. The Linux kernel CVE team has assigned CVE-2024-38570 to this issue. Affected and fixed versions =========================== Issue introduced in 3.8 with commit fb6791d100d1 and fixed in 6.6.33 with commit 0636b34b4458 Issue introduced in 3.8 with commit fb6791d100d1 and fixed in 6.8.12 with commit e42e8a24d7f0 Issue introduced in 3.8 with commit fb6791d100d1 and fixed in 6.9.3 with commit 501cd8fabf62 Issue introduced in 3.8 with commit fb6791d100d1 and fixed in 6.10-rc1 with commit d98779e68772 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-38570 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/gfs2/glock.c fs/gfs2/glock.h fs/gfs2/incore.h fs/gfs2/lock_dlm.c fs/gfs2/ops_fstype.c fs/gfs2/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37 https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0 https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73
Powered by blists - more mailing lists