gsd-2024-26848
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix endless loop in directory parsing
If a directory has a block with only ".__afsXXXX" files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context. This leads to
afs_dir_iterate() repeating the block again and again.
Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.
The symptoms are a soft lookup:
watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
...
RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
...
? watchdog_timer_fn+0x1a6/0x213
...
? asm_sysvec_apic_timer_interrupt+0x16/0x20
? afs_dir_iterate_block+0x39/0x1fd
afs_dir_iterate+0x10a/0x148
afs_readdir+0x30/0x4a
iterate_dir+0x93/0xd3
__do_sys_getdents64+0x6b/0xd4
This is almost certainly the actual fix for:
https://bugzilla.kernel.org/show_bug.cgi?id=218496
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-26848"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496",
"id": "GSD-2024-26848",
"modified": "2024-02-20T06:02:29.202231Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2024-26848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "01d15b68f041",
"version_value": "5c78be006ed9"
},
{
"version_affected": "\u003c",
"version_name": "8499e2f1218e",
"version_value": "96370ba395c5"
},
{
"version_affected": "\u003c",
"version_name": "21a2115e0ca0",
"version_value": "80b15346492b"
},
{
"version_affected": "\u003c",
"version_name": "ab49164c6080",
"version_value": "058ed71e0f7a"
},
{
"version_affected": "\u003c",
"version_name": "a53411e805e0",
"version_value": "f67898867b6b"
},
{
"version_affected": "\u003c",
"version_name": "fa70c6954aab",
"version_value": "fe02316e4933"
},
{
"version_affected": "\u003c",
"version_name": "57e9d49c5452",
"version_value": "5f7a07646655"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31"
},
{
"name": "https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a"
},
{
"name": "https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0"
},
{
"name": "https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064"
},
{
"name": "https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b"
},
{
"name": "https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27"
},
{
"name": "https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470"
},
{
"name": "https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863"
},
{
"name": "https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a"
},
{
"name": "https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05"
},
{
"name": "https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec"
},
{
"name": "https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809"
},
{
"name": "https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4"
},
{
"name": "https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496"
}
],
"id": "CVE-2024-26848",
"lastModified": "2024-04-17T12:48:07.510",
"metrics": {},
"published": "2024-04-17T11:15:08.323",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…