lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2024081753-CVE-2024-42315-a707@gregkh>
Date: Sat, 17 Aug 2024 11:10:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-42315: exfat: fix potential deadlock on __exfat_get_dentry_set

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix potential deadlock on __exfat_get_dentry_set

When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
is allocated in __exfat_get_entry_set. The problem is that the bh-array is
allocated with GFP_KERNEL. It does not make sense. In the following cases,
a deadlock for sbi->s_lock between the two processes may occur.

       CPU0                CPU1
       ----                ----
  kswapd
   balance_pgdat
    lock(fs_reclaim)
                      exfat_iterate
                       lock(&sbi->s_lock)
                       exfat_readdir
                        exfat_get_uniname_from_ext_entry
                         exfat_get_dentry_set
                          __exfat_get_dentry_set
                           kmalloc_array
                            ...
                            lock(fs_reclaim)
    ...
    evict
     exfat_evict_inode
      lock(&sbi->s_lock)

To fix this, let's allocate bh-array with GFP_NOFS.

The Linux kernel CVE team has assigned CVE-2024-42315 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.2 with commit a3ff29a95fde and fixed in 6.6.44 with commit a7ac198f8dba
	Issue introduced in 6.2 with commit a3ff29a95fde and fixed in 6.10.3 with commit 1d1970493c28
	Issue introduced in 6.2 with commit a3ff29a95fde and fixed in 6.11-rc1 with commit 89fc548767a2
	Issue introduced in 5.10.190 with commit bd3bdb9e0d65
	Issue introduced in 5.15.150 with commit 92dcd7d6c606

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42315
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/exfat/dir.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b
	https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62
	https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ