CVE-2024-38582
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-38582
CVE Details
| Release Date: | 2024-06-19 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nnilfs2: fix potential hang in nilfs_detach_log_writer()\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\nnilfs_detach_log_writer\nnilfs_segctor_destroy\nnilfs_segctor_kill_thread --> Shut down log writer thread\nflush_work\nnilfs_iput_work_func\nnilfs_dispose_list\niput\nnilfs_evict_inode\nnilfs_transaction_commit\nnilfs_construct_segment (if inode needs sync)\nnilfs_segctor_sync --> Attempt to synchronize with\nlog writer thread\n*** DEADLOCK ***\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy().
See more information about CVE-2024-38582 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
| Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
