CVE-2024-43826 (GCVE-0-2024-43826)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:21 – Updated: 2025-05-04 09:27
VLAI?
Title
nfs: pass explicit offset/count to trace events
Summary
In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: eb5654b3b89d5e836312cea9f3fdb49457852e89 , < 387e6e9d110250946df4d4ebef9c2def5c7a4722 (git)
Affected: eb5654b3b89d5e836312cea9f3fdb49457852e89 , < fada32ed6dbc748f447c8d050a961b75d946055a (git)
Create a notification for this product.
    Linux Linux Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:08:44.823847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:24.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/file.c",
            "fs/nfs/nfstrace.h",
            "fs/nfs/read.c",
            "fs/nfs/write.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "387e6e9d110250946df4d4ebef9c2def5c7a4722",
              "status": "affected",
              "version": "eb5654b3b89d5e836312cea9f3fdb49457852e89",
              "versionType": "git"
            },
            {
              "lessThan": "fada32ed6dbc748f447c8d050a961b75d946055a",
              "status": "affected",
              "version": "eb5654b3b89d5e836312cea9f3fdb49457852e89",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/file.c",
            "fs/nfs/nfstrace.h",
            "fs/nfs/read.c",
            "fs/nfs/write.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:27:07.687Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722"
        },
        {
          "url": "https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a"
        }
      ],
      "title": "nfs: pass explicit offset/count to trace events",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43826",
    "datePublished": "2024-08-17T09:21:45.988Z",
    "dateReserved": "2024-08-17T09:11:59.272Z",
    "dateUpdated": "2025-05-04T09:27:07.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnfs: pass explicit offset/count to trace events\\n\\nnfs_folio_length is unsafe to use without having the folio locked and a\\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\\nall nfs trace points enabled.\\n\\nFollow the model of the XFS trace points and pass in an expl\\u0456cit offset\\nand length.  This has the additional benefit that these values can\\nbe more accurate as some of the users touch partial folio ranges.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: pasar compensaci\\u00f3n/recuento expl\\u00edcito para rastrear eventos nfs_folio_length no es seguro de usar sin tener el folio bloqueado y una verificaci\\u00f3n de NULL -\u0026gt;f_mapping que protege contra truncamientos y puede llevar al kernel accidentes. Por ejemplo, cuando se ejecuta xfstests generic/065 con todos los puntos de seguimiento nfs habilitados. Siga el modelo de los puntos de seguimiento XFS y pase un desplazamiento y una longitud expl\\u00edcitos. Esto tiene el beneficio adicional de que estos valores pueden ser m\\u00e1s precisos ya que algunos de los usuarios tocan rangos de folios parciales.\"}]",
      "id": "CVE-2024-43826",
      "lastModified": "2024-09-12T18:15:09.137",
      "published": "2024-08-17T10:15:08.593",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43826\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-17T10:15:08.593\",\"lastModified\":\"2025-09-29T15:28:17.373\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnfs: pass explicit offset/count to trace events\\n\\nnfs_folio_length is unsafe to use without having the folio locked and a\\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\\nall nfs trace points enabled.\\n\\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\\nand length.  This has the additional benefit that these values can\\nbe more accurate as some of the users touch partial folio ranges.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: pasar compensaci\u00f3n/recuento expl\u00edcito para rastrear eventos nfs_folio_length no es seguro de usar sin tener el folio bloqueado y una verificaci\u00f3n de NULL -\u0026gt;f_mapping que protege contra truncamientos y puede llevar al kernel accidentes. Por ejemplo, cuando se ejecuta xfstests generic/065 con todos los puntos de seguimiento nfs habilitados. Siga el modelo de los puntos de seguimiento XFS y pase un desplazamiento y una longitud expl\u00edcitos. Esto tiene el beneficio adicional de que estos valores pueden ser m\u00e1s precisos ya que algunos de los usuarios tocan rangos de folios parciales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3\",\"versionEndExcluding\":\"6.10.3\",\"matchCriteriaId\":\"3F6F82DA-1324-4F20-9478-213502A06158\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43826\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:08:44.823847Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:23.197Z\"}}], \"cna\": {\"title\": \"nfs: pass explicit offset/count to trace events\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"eb5654b3b89d5e836312cea9f3fdb49457852e89\", \"lessThan\": \"387e6e9d110250946df4d4ebef9c2def5c7a4722\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"eb5654b3b89d5e836312cea9f3fdb49457852e89\", \"lessThan\": \"fada32ed6dbc748f447c8d050a961b75d946055a\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/nfs/file.c\", \"fs/nfs/nfstrace.h\", \"fs/nfs/read.c\", \"fs/nfs/write.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.3\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.10.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/nfs/file.c\", \"fs/nfs/nfstrace.h\", \"fs/nfs/read.c\", \"fs/nfs/write.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722\"}, {\"url\": \"https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnfs: pass explicit offset/count to trace events\\n\\nnfs_folio_length is unsafe to use without having the folio locked and a\\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\\nall nfs trace points enabled.\\n\\nFollow the model of the XFS trace points and pass in an expl\\u0456cit offset\\nand length.  This has the additional benefit that these values can\\nbe more accurate as some of the users touch partial folio ranges.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.3\", \"versionStartIncluding\": \"6.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"6.3\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:27:07.687Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-43826\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:27:07.687Z\", \"dateReserved\": \"2024-08-17T09:11:59.272Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-08-17T09:21:45.988Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}