cve/published/2024/CVE-2024-50065.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50065: ntfs3: Change to non-blocking allocation in ntfs_d_hash

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ntfs3: Change to non-blocking allocation in ntfs_d_hash

 d_hash is done while under "rcu-walk" and should not sleep.
 __get_name() allocates using GFP_KERNEL, having the possibility
 to sleep when under memory pressure. Change the allocation to
 GFP_NOWAIT.

 The Linux kernel CVE team has assigned CVE-2024-50065 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.6.44 with commit 58ebd50d22529f79d2497abbb006137a7c7f5336 and fixed in 6.6.57 with commit c556e72cea2a1131ae418be017dd6fc76fffe2fb
 	Issue introduced in 6.11 with commit d392e85fd1e8d58e460c17ca7d0d5c157848d9c1 and fixed in 6.11.4 with commit d0c710372e238510db08ea01e7b8bd81ed995dd6
 	Issue introduced in 6.11 with commit d392e85fd1e8d58e460c17ca7d0d5c157848d9c1 and fixed in 6.12 with commit 589996bf8c459deb5bbc9747d8f1c51658608103
 	Issue introduced in 6.10.3 with commit 2e83375fd95b81be0e9ca457cc7c3f23e3575768

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50065
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ntfs3/namei.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c556e72cea2a1131ae418be017dd6fc76fffe2fb
 	https://git.kernel.org/stable/c/d0c710372e238510db08ea01e7b8bd81ed995dd6
 	https://git.kernel.org/stable/c/589996bf8c459deb5bbc9747d8f1c51658608103
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50065: ntfs3: Change to non-blocking allocation in ntfs_d_hash

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ntfs3: Change to non-blocking allocation in ntfs_d_hash

	d_hash is done while under "rcu-walk" and should not sleep.
	__get_name() allocates using GFP_KERNEL, having the possibility
	to sleep when under memory pressure. Change the allocation to
	GFP_NOWAIT.

	The Linux kernel CVE team has assigned CVE-2024-50065 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.6.44 with commit 58ebd50d22529f79d2497abbb006137a7c7f5336 and fixed in 6.6.57 with commit c556e72cea2a1131ae418be017dd6fc76fffe2fb
	Issue introduced in 6.11 with commit d392e85fd1e8d58e460c17ca7d0d5c157848d9c1 and fixed in 6.11.4 with commit d0c710372e238510db08ea01e7b8bd81ed995dd6
	Issue introduced in 6.11 with commit d392e85fd1e8d58e460c17ca7d0d5c157848d9c1 and fixed in 6.12 with commit 589996bf8c459deb5bbc9747d8f1c51658608103
	Issue introduced in 6.10.3 with commit 2e83375fd95b81be0e9ca457cc7c3f23e3575768

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50065
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ntfs3/namei.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c556e72cea2a1131ae418be017dd6fc76fffe2fb
	https://git.kernel.org/stable/c/d0c710372e238510db08ea01e7b8bd81ed995dd6
	https://git.kernel.org/stable/c/589996bf8c459deb5bbc9747d8f1c51658608103