lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102153-CVE-2024-49855-8997@gregkh> Date: Mon, 21 Oct 2024 14:18:57 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-49855: nbd: fix race between timeout and normal completion Description =========== In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime make sure that cmd->lock is grabbed for clearing the flag and the requeue. The Linux kernel CVE team has assigned CVE-2024-49855 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 2895f1831e91 and fixed in 6.1.113 with commit 9c25faf72d78 Issue introduced in 5.19 with commit 2895f1831e91 and fixed in 6.6.54 with commit 6e73b946a379 Issue introduced in 5.19 with commit 2895f1831e91 and fixed in 6.10.13 with commit 5236ada8ebbd Issue introduced in 5.19 with commit 2895f1831e91 and fixed in 6.11.2 with commit 9a74c3e6c0d6 Issue introduced in 5.19 with commit 2895f1831e91 and fixed in 6.12-rc1 with commit c9ea57c91f03 Issue introduced in 5.17.15 with commit cdf62c535a9b Issue introduced in 5.18.4 with commit 5171ef20bae8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-49855 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/block/nbd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7 https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990
Powered by blists - more mailing lists