cve/published/2024/CVE-2024-50191.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50191: ext4: don't set SB_RDONLY after filesystem errors

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ext4: don't set SB_RDONLY after filesystem errors

 When the filesystem is mounted with errors=remount-ro, we were setting
 SB_RDONLY flag to stop all filesystem modifications. We knew this misses
 proper locking (sb->s_umount) and does not go through proper filesystem
 remount procedure but it has been the way this worked since early ext2
 days and it was good enough for catastrophic situation damage
 mitigation. Recently, syzbot has found a way (see link) to trigger
 warnings in filesystem freezing because the code got confused by
 SB_RDONLY changing under its hands. Since these days we set
 EXT4_FLAGS_SHUTDOWN on the superblock which is enough to stop all
 filesystem modifications, modifying SB_RDONLY shouldn't be needed. So
 stop doing that.

 The Linux kernel CVE team has assigned CVE-2024-50191 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.15.168 with commit fbb177bc1d6487cd3e9b50ae0be2781b7297980d
 	Fixed in 6.1.113 with commit 4061e07f040a091f694f461b86a26cf95ae66439
 	Fixed in 6.6.57 with commit 58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9
 	Fixed in 6.11.4 with commit ee77c388469116565e009eaa704a60bc78489e09
 	Fixed in 6.12 with commit d3476f3dad4ad68ae5f6b008ea6591d1520da5d8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50191
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ext4/super.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d
 	https://git.kernel.org/stable/c/4061e07f040a091f694f461b86a26cf95ae66439
 	https://git.kernel.org/stable/c/58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9
 	https://git.kernel.org/stable/c/ee77c388469116565e009eaa704a60bc78489e09
 	https://git.kernel.org/stable/c/d3476f3dad4ad68ae5f6b008ea6591d1520da5d8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50191: ext4: don't set SB_RDONLY after filesystem errors

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ext4: don't set SB_RDONLY after filesystem errors

	When the filesystem is mounted with errors=remount-ro, we were setting
	SB_RDONLY flag to stop all filesystem modifications. We knew this misses
	proper locking (sb->s_umount) and does not go through proper filesystem
	remount procedure but it has been the way this worked since early ext2
	days and it was good enough for catastrophic situation damage
	mitigation. Recently, syzbot has found a way (see link) to trigger
	warnings in filesystem freezing because the code got confused by
	SB_RDONLY changing under its hands. Since these days we set
	EXT4_FLAGS_SHUTDOWN on the superblock which is enough to stop all
	filesystem modifications, modifying SB_RDONLY shouldn't be needed. So
	stop doing that.

	The Linux kernel CVE team has assigned CVE-2024-50191 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.15.168 with commit fbb177bc1d6487cd3e9b50ae0be2781b7297980d
	Fixed in 6.1.113 with commit 4061e07f040a091f694f461b86a26cf95ae66439
	Fixed in 6.6.57 with commit 58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9
	Fixed in 6.11.4 with commit ee77c388469116565e009eaa704a60bc78489e09
	Fixed in 6.12 with commit d3476f3dad4ad68ae5f6b008ea6591d1520da5d8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50191
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ext4/super.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d
	https://git.kernel.org/stable/c/4061e07f040a091f694f461b86a26cf95ae66439
	https://git.kernel.org/stable/c/58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9
	https://git.kernel.org/stable/c/ee77c388469116565e009eaa704a60bc78489e09
	https://git.kernel.org/stable/c/d3476f3dad4ad68ae5f6b008ea6591d1520da5d8