lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2024120452-CVE-2024-53136-f7f8@gregkh>
Date: Wed,  4 Dec 2024 15:20:59 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53136: mm: revert "mm: shmem: fix data-race in shmem_getattr()"

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mm: revert "mm: shmem: fix data-race in shmem_getattr()"

Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as
suggested by Chuck [1].  It is causing deadlocks when accessing tmpfs over
NFS.

As Hugh commented, "added just to silence a syzbot sanitizer splat: added
where there has never been any practical problem".

The Linux kernel CVE team has assigned CVE-2024-53136 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.1.116 with commit 82cae1e30bd9 and fixed in 6.1.119 with commit 5874c1150e77
	Issue introduced in 6.6.60 with commit edd1f9050506 and fixed in 6.6.63 with commit 64e67e869425
	Issue introduced in 6.11.7 with commit ffd56612566b and fixed in 6.11.10 with commit 901dc2ad7c37
	Issue introduced in 4.19.323 with commit 9fb9703cd43e
	Issue introduced in 5.4.285 with commit 7cc30ada8432
	Issue introduced in 5.10.229 with commit bda1a99a0dd6
	Issue introduced in 5.15.171 with commit 3d9528484480

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53136
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	mm/shmem.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/5874c1150e77296565ad6e495ef41fbf87570d14
	https://git.kernel.org/stable/c/64e67e8694252c1bf01b802ee911be3fee62c36b
	https://git.kernel.org/stable/c/901dc2ad7c3789fa87dc3956f6697c5d62d5cf7e
	https://git.kernel.org/stable/c/d1aa0c04294e29883d65eac6c2f72fe95cc7c049

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ