CVE-2024-53112
Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'.
CVSS Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Threat Intelligence
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥2.6.25 – <4.19.325 |
| linux | linux_kernel | * | ≥4.20 – <6.1.119 |
| linux | linux_kernel | * | ≥6.2 – <6.6.63 |
| linux | linux_kernel | * | ≥6.7 – <6.11.10 |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
| linux | linux_kernel | 6.12 | any |
References 10
- git.kernel.org https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f
- git.kernel.org https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6
- git.kernel.org https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4
- git.kernel.org https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73
- git.kernel.org https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb
- git.kernel.org https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8
- git.kernel.org https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca
- git.kernel.org https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Remediation
- git.kernel.org https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73
- git.kernel.org https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb
- git.kernel.org https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8
- git.kernel.org https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca
- git.kernel.org https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12