{"vulnerability": "CVE-2024-56780", "sightings": [{"uuid": "18d9a046-1a2d-4b6c-b88b-0d8f4f120ba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56780", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfarhh3apq2i", "content": "", "creation_timestamp": "2025-01-08T18:16:05.253215Z"}, {"uuid": "abcaa820-6c42-4298-91db-fe5033c35b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56780", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794125498890301", "content": "", "creation_timestamp": "2025-01-08T18:22:38.182163Z"}, {"uuid": "b1e42d45-0555-42b9-a102-61857a2fa7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56780", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "e7027454-a5b5-4a48-88e3-373934c2805e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56780", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/773", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56780\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nquota: flush quota_release_work upon quota writeback\n\nOne of the paths quota writeback is called from is:\n\nfreeze_super()\n  sync_filesystem()\n    ext4_sync_fs()\n      dquot_writeback_dquots()\n\nSince we currently don't always flush the quota_release_work queue in\nthis path, we can end up with the following race:\n\n 1. dquot are added to releasing_dquots list during regular operations.\n 2. FS Freeze starts, however, this does not flush the quota_release_work queue.\n 3. Freeze completes.\n 4. Kernel eventually tries to flush the workqueue while FS is frozen which\n    hits a WARN_ON since transaction gets started during frozen state:\n\n  ext4_journal_check_start+0x28/0x110 [ext4] (unreliable)\n  __ext4_journal_start_sb+0x64/0x1c0 [ext4]\n  ext4_release_dquot+0x90/0x1d0 [ext4]\n  quota_release_workfn+0x43c/0x4d0\n\nWhich is the following line:\n\n  WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);\n\nWhich ultimately results in generic/390 failing due to dmesg\nnoise. This was detected on powerpc machine 15 cores.\n\nTo avoid this, make sure to flush the workqueue during\ndquot_writeback_dquots() so we dont have any pending workitems after\nfreeze.\n\ud83d\udccf Published: 2025-01-08T17:49:17.889Z\n\ud83d\udccf Modified: 2025-01-08T17:49:17.889Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a5abba5e0e586e258ded3e798fe5f69c66fec198\n2. https://git.kernel.org/stable/c/6f3821acd7c3143145999248087de5fb4b48cf26\n3. https://git.kernel.org/stable/c/ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb\n4. https://git.kernel.org/stable/c/3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb\n5. https://git.kernel.org/stable/c/bcacb52a985f1b6d280f698a470b873dfe52728a\n6. https://git.kernel.org/stable/c/8ea87e34792258825d290f4dc5216276e91cb224\n7. https://git.kernel.org/stable/c/ac6f420291b3fee1113f21d612fa88b628afab5b", "creation_timestamp": "2025-01-08T18:21:03.000000Z"}, {"uuid": "e2a2a683-a5ba-41cd-971c-ae75fd78426f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56780", "type": "seen", "source": "https://t.me/cvedetector/14717", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56780 - Linux quota kernel Freeze\u2122 DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56780 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nquota: flush quota_release_work upon quota writeback  \n  \nOne of the paths quota writeback is called from is:  \n  \nfreeze_super()  \n  sync_filesystem()  \n    ext4_sync_fs()  \n      dquot_writeback_dquots()  \n  \nSince we currently don't always flush the quota_release_work queue in  \nthis path, we can end up with the following race:  \n  \n 1. dquot are added to releasing_dquots list during regular operations.  \n 2. FS Freeze starts, however, this does not flush the quota_release_work queue.  \n 3. Freeze completes.  \n 4. Kernel eventually tries to flush the workqueue while FS is frozen which  \n    hits a WARN_ON since transaction gets started during frozen state:  \n  \n  ext4_journal_check_start+0x28/0x110 [ext4] (unreliable)  \n  __ext4_journal_start_sb+0x64/0x1c0 [ext4]  \n  ext4_release_dquot+0x90/0x1d0 [ext4]  \n  quota_release_workfn+0x43c/0x4d0  \n  \nWhich is the following line:  \n  \n  WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);  \n  \nWhich ultimately results in generic/390 failing due to dmesg  \nnoise. This was detected on powerpc machine 15 cores.  \n  \nTo avoid this, make sure to flush the workqueue during  \ndquot_writeback_dquots() so we dont have any pending workitems after  \nfreeze. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:03.000000Z"}]}