Linux Kernel up to 6.10.2 fs/erofs/zutil.c z_erofs_get_gbuf race condition

Summaryinfo

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.10.2. This affects the function z_erofs_get_gbuf of the file fs/erofs/zutil.c. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2024-42300. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.2. This issue affects the function z_erofs_get_gbuf of the file fs/erofs/zutil.c. The manipulation with an unknown input leads to a race condition vulnerability. Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in z_erofs_get_gbuf() In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`. Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test: [772156.434168] kernel BUG at fs/erofs/zutil.c:58! .. [772156.435007] [772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2 [772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017 [772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs] [772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. [772156.445958] stress (3127): drop_caches: 1 [772156.446120] Call trace: [772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs] [772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] [772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs] [772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] [772156.447160] z_erofs_readahead+0x224/0x390 [erofs] ..

The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2024-42300 since 07/30/2024. The exploitation is known to be difficult. Technical details are known, but no exploit is available.

Upgrading to version 6.10.3 eliminates this vulnerability. Applying the patch 49b22e06a947/7dc5537c3f8b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2024-1875). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• IBM InfoSphere Guardium
• Oracle Linux
• IBM Security Guardium
• RESF Rocky Linux
• Broadcom Brocade SANnav
• Open Source Linux Kernel
• IBM QRadar SIEM
• IBM Spectrum Protect Plus
• SolarWinds Security Event Manager
• IBM DataPower Gateway
• Dell NetWorker

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.10.0
• 6.10.1
• 6.10.2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion