Release Date: | 2024-07-12 |
In the Linux kernel, the following vulnerability has been resolved:\nocfs2: fix races between hole punching and AIO+DIO\nAfter commit 'ocfs2: return real error code in ocfs2_dio_wr_get_block',\nfstests/generic/300 become from always failed to sometimes failed:\n========================================================================\n[ 473.293420 ] run fstests generic/300\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\nT1 T2 T3\ninode lock\n...\ninsert extents\n...\ninode unlock\nocfs2_fallocate\n__ocfs2_change_file_space\ninode lock\nlock ip_alloc_sem\nocfs2_remove_inode_range inode\nocfs2_remove_btree_range\nocfs2_remove_extent\n^---remove the extent at cpos 78723\n...\nunlock ip_alloc_sem\ninode unlock\nocfs2_dio_end_io\nocfs2_dio_end_io_write\nlock ip_alloc_sem\nocfs2_mark_extent_written\nocfs2_change_extent_flag\nocfs2_search_extent_list\n^---failed to find extent\n...\nunlock ip_alloc_sem\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.
See more information about CVE-2024-40943 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 4.7 | CVSS Vector: | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | High |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12779 | 2024-10-11 |
Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: