fkie_cve-2024-56744
Vulnerability from fkie_nvd
Published
2024-12-29 12:15
Modified
2025-04-16 19:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() syzbot reports deadlock issue of f2fs as below: ====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted ------------------------------------------------------ kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5dPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19234B8-D413-446B-AEF8-3A02C2A03442",
              "versionEndExcluding": "6.6.64",
              "versionStartIncluding": "6.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893",
              "versionEndExcluding": "6.11.11",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776",
              "versionEndExcluding": "6.12.2",
              "versionStartIncluding": "6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()\n\nsyzbot reports deadlock issue of f2fs as below:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted\n------------------------------------------------------\nkswapd0/79 is trying to acquire lock:\nffff888011824088 (\u0026sbi-\u003esb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]\nffff888011824088 (\u0026sbi-\u003esb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068\n\nbut task is already holding lock:\nffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (sb_internal#2){.+.+}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]\n       __sb_start_write include/linux/fs.h:1716 [inline]\n       sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899\n       f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       dispose_list fs/inode.c:774 [inline]\n       prune_icache_sb+0x239/0x2f0 fs/inode.c:963\n       super_cache_scan+0x38c/0x4b0 fs/super.c:223\n       do_shrink_slab+0x701/0x1160 mm/shrinker.c:435\n       shrink_slab+0x1093/0x14d0 mm/shrinker.c:662\n       shrink_one+0x43b/0x850 mm/vmscan.c:4818\n       shrink_many mm/vmscan.c:4879 [inline]\n       lru_gen_shrink_node mm/vmscan.c:4957 [inline]\n       shrink_node+0x3799/0x3de0 mm/vmscan.c:5937\n       kswapd_shrink_node mm/vmscan.c:6765 [inline]\n       balance_pgdat mm/vmscan.c:6957 [inline]\n       kswapd+0x1ca3/0x3700 mm/vmscan.c:7226\n       kthread+0x2f0/0x390 kernel/kthread.c:389\n       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-\u003e #1 (fs_reclaim){+.+.}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       __fs_reclaim_acquire mm/page_alloc.c:3834 [inline]\n       fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848\n       might_alloc include/linux/sched/mm.h:318 [inline]\n       prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493\n       __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722\n       alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265\n       alloc_pages_noprof mm/mempolicy.c:2345 [inline]\n       folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352\n       filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010\n       do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787\n       read_mapping_folio include/linux/pagemap.h:1011 [inline]\n       f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032\n       f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079\n       f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174\n       f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785\n       write_inode fs/fs-writeback.c:1503 [inline]\n       __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723\n       writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779\n       sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849\n       f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941\n       __fput+0x23f/0x880 fs/file_table.c:431\n       task_work_run+0x24f/0x310 kernel/task_work.c:228\n       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]\n       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n       syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218\n       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n---truncated---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar un posible bloqueo en f2fs_record_stop_reason() syzbot informa un problema de bloqueo de f2fs como se muestra a continuaci\u00f3n: ========================================================= ADVERTENCIA: se detect\u00f3 una posible dependencia de bloqueo circular 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 No contaminado ------------------------------------------------------ kswapd0/79 est\u00e1 intentando adquirir el bloqueo: ffff888011824088 (\u0026amp;sbi-\u0026gt;sb_lock){++++}-{3:3}, en: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (\u0026amp;sbi-\u0026gt;sb_lock){++++}-{3:3}, en: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 pero la tarea ya tiene el bloqueo: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, en: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [en l\u00ednea] __sb_start_write include/linux/fs.h:1716 [en l\u00ednea] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 desalojar+0x4e8/0x9b0 fs/inode.c:725 lista_de_eliminaci\u00f3n fs/inode.c:774 [en l\u00ednea] podar_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 encoger_losa+0x701/0x1160 mm/shrinker.c:435 encoger_losa+0x1093/0x14d0 mm/shrinker.c:662 encoger_uno+0x43b/0x850 mm/vmscan.c:4818 encoger_muchos mm/vmscan.c:4879 [en l\u00ednea] nodo_de_encogimiento_lru_gen mm/vmscan.c:4957 [en l\u00ednea] nodo_reducci\u00f3n+0x3799/0x3de0 mm/vmscan.c:5937 nodo_reducci\u00f3n_kswapd mm/vmscan.c:6765 [en l\u00ednea] balance_pgdat mm/vmscan.c:6957 [en l\u00ednea] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_de_la_bifurcaci\u00f3n+0x4b/0x80 arch/x86/kernel/process.c:147 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -\u0026gt; #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [en l\u00ednea] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [en l\u00ednea] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [en l\u00ednea] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [en l\u00ednea] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 escritura_inodo fs/fs-writeback.c:1503 [en l\u00ednea] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 escritura_inversa_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 tarea_trabajo_ejecutar+0x24f/0x310 kernel/tarea_trabajo.c:228 reanudar_modo_usuario_trabajo include/linux/reanudar_modo_usuario.h:50 [en l\u00ednea] salir_al_bucle_modo_usuario kernel/entrada/com\u00fan.c:114 [en l\u00ednea] salir_al_bucle_modo_usuario_preparar include/linux/entrada-com\u00fan.h:328 [en l\u00ednea] __syscall_salir_al_modo_usuario_trabajo kernel/entrada/com\u00fan.c:207 [en l\u00ednea] syscall_salir_al_modo_usuario_trabajo+0x168/0x370 kernel/entrada/com\u00fan.c:218 hacer_syscall_64+0x100/0x230 arch/x86/entrada/com\u00fan.c:89 entrada_SYSCALL_64_after_hwframe+0x77/0x7f ---truncado---"
    }
  ],
  "id": "CVE-2024-56744",
  "lastModified": "2025-04-16T19:15:52.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-29T12:15:07.817",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5d"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.