CVE-2024-40943

CVE Details

Release Date:2024-07-12

Description


In the Linux kernel, the following vulnerability has been resolved:\nocfs2: fix races between hole punching and AIO+DIO\nAfter commit 'ocfs2: return real error code in ocfs2_dio_wr_get_block',\nfstests/generic/300 become from always failed to sometimes failed:\n========================================================================\n[ 473.293420 ] run fstests generic/300\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\nT1 T2 T3\ninode lock\n...\ninsert extents\n...\ninode unlock\nocfs2_fallocate\n__ocfs2_change_file_space\ninode lock\nlock ip_alloc_sem\nocfs2_remove_inode_range inode\nocfs2_remove_btree_range\nocfs2_remove_extent\n^---remove the extent at cpos 78723\n...\nunlock ip_alloc_sem\ninode unlock\nocfs2_dio_end_io\nocfs2_dio_end_io_write\nlock ip_alloc_sem\nocfs2_mark_extent_written\nocfs2_change_extent_flag\nocfs2_search_extent_list\n^---failed to find extent\n...\nunlock ip_alloc_sem\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.

See more information about CVE-2024-40943 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 4.7
Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (kernel-uek)ELSA-2024-128512024-11-27
Oracle Linux version 7 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 7 (kernel-uek)ELSA-2024-127792024-10-11
Oracle Linux version 7 (kernel-uek)ELSA-2024-128512024-11-27
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 8 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 8 (kernel-uek)ELSA-2024-126182024-09-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 9 (kernel-uek)ELSA-2024-126182024-09-12
Oracle VM version 3 (kernel-uek)OVMSA-2024-00162024-12-03


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete