cve/published/2024/CVE-2024-39469.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

 The error handling in nilfs_empty_dir() when a directory folio/page read
 fails is incorrect, as in the old ext2 implementation, and if the
 folio/page cannot be read or nilfs_check_folio() fails, it will falsely
 determine the directory as empty and corrupt the file system.

 In addition, since nilfs_empty_dir() does not immediately return on a
 failed folio/page read, but continues to loop, this can cause a long loop
 with I/O if i_size of the directory's inode is also corrupted, causing the
 log writer thread to wait and hang, as reported by syzbot.

 Fix these issues by making nilfs_empty_dir() immediately return a false
 value (0) if it fails to get a directory folio/page.

 The Linux kernel CVE team has assigned CVE-2024-39469 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 4.19.317 with commit 2ac8a2fe22bdde9eecce2a42cf5cab79333fb428
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.4.279 with commit 405b71f1251e5ae865f53bd27c45114e6c83bee3
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.10.221 with commit c77ad608df6c091fe64ecb91f41ef7cb465587f1
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.15.162 with commit 11a2edb70356a2202dcb7c9c189c8356ab4752cd
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.1.95 with commit 129dcd3e7d036218db3f59c82d82004b9539ed82
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.6.35 with commit d18b05eda7fa77f02114f15b02c009f28ee42346
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.9.5 with commit 59f14875a96ef93f05b82ad3c980605f2cb444b5
 	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.10 with commit 7373a51e7998b508af7136530f3a997b286ce81c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-39469
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/nilfs2/dir.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428
 	https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3
 	https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1
 	https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd
 	https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82
 	https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346
 	https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5
 	https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

	The error handling in nilfs_empty_dir() when a directory folio/page read
	fails is incorrect, as in the old ext2 implementation, and if the
	folio/page cannot be read or nilfs_check_folio() fails, it will falsely
	determine the directory as empty and corrupt the file system.

	In addition, since nilfs_empty_dir() does not immediately return on a
	failed folio/page read, but continues to loop, this can cause a long loop
	with I/O if i_size of the directory's inode is also corrupted, causing the
	log writer thread to wait and hang, as reported by syzbot.

	Fix these issues by making nilfs_empty_dir() immediately return a false
	value (0) if it fails to get a directory folio/page.

	The Linux kernel CVE team has assigned CVE-2024-39469 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 4.19.317 with commit 2ac8a2fe22bdde9eecce2a42cf5cab79333fb428
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.4.279 with commit 405b71f1251e5ae865f53bd27c45114e6c83bee3
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.10.221 with commit c77ad608df6c091fe64ecb91f41ef7cb465587f1
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 5.15.162 with commit 11a2edb70356a2202dcb7c9c189c8356ab4752cd
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.1.95 with commit 129dcd3e7d036218db3f59c82d82004b9539ed82
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.6.35 with commit d18b05eda7fa77f02114f15b02c009f28ee42346
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.9.5 with commit 59f14875a96ef93f05b82ad3c980605f2cb444b5
	Issue introduced in 2.6.30 with commit 2ba466d74ed74f073257f86e61519cb8f8f46184 and fixed in 6.10 with commit 7373a51e7998b508af7136530f3a997b286ce81c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-39469
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/nilfs2/dir.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428
	https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3
	https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1
	https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd
	https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82
	https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346
	https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5
	https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c