| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122713-CVE-2024-56630-c856@gregkh>
Date: Fri, 27 Dec 2024 15:51:37 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-56630: ocfs2: free inode when ocfs2_get_init_inode() fails
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: free inode when ocfs2_get_init_inode() fails
syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826
("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when
new_inode() succeeded and dquot_initialize() failed.
The Linux kernel CVE team has assigned CVE-2024-56630 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 5.4.287 with commit 911fcc95b530615b484e8920741fc5e4bc4e684a
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 5.10.231 with commit 9c19ea59965ebb482e227532f7bbb01792fb028c
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 5.15.174 with commit c5327720a4655303ffa3f632d86ee205dd783f32
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 6.1.120 with commit 67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 6.6.66 with commit a84d507d3290aca249b44ae992af9e10590cc5f6
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 6.12.5 with commit 03db61c43c8e2729896fda6b9a95c7fb5c875c20
Issue introduced in 4.3 with commit 9c89fe0af826bfff36d8019ea6fd78db09b3c478 and fixed in 6.13-rc2 with commit 965b5dd1894f4525f38c1b5f99b0106a07dbb5db
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-56630
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/ocfs2/namei.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/911fcc95b530615b484e8920741fc5e4bc4e684a
https://git.kernel.org/stable/c/9c19ea59965ebb482e227532f7bbb01792fb028c
https://git.kernel.org/stable/c/c5327720a4655303ffa3f632d86ee205dd783f32
https://git.kernel.org/stable/c/67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15
https://git.kernel.org/stable/c/a84d507d3290aca249b44ae992af9e10590cc5f6
https://git.kernel.org/stable/c/03db61c43c8e2729896fda6b9a95c7fb5c875c20
https://git.kernel.org/stable/c/965b5dd1894f4525f38c1b5f99b0106a07dbb5db
Powered by blists - more mailing lists