| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-57895: ksmbd: set ATTR_CTIME flags when setting mtime |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| ksmbd: set ATTR_CTIME flags when setting mtime |
| |
| David reported that the new warning from setattr_copy_mgtime is coming |
| like the following. |
| |
| [ 113.215316] ------------[ cut here ]------------ |
| [ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200 |
| [ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234 |
| [ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 |
| [ 113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] |
| [ 113.222220] RIP: 0010:setattr_copy+0x1ee/0x200 |
| [ 113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff <0f> 0b e9 be fe ff ff 66 0 |
| [ 113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202 |
| [ 113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003 |
| [ 113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0 |
| [ 113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa |
| [ 113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38 |
| [ 113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000 |
| [ 113.230210] FS: 0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000 |
| [ 113.231215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 |
| [ 113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0 |
| [ 113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 |
| [ 113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 |
| [ 113.234797] Call Trace: |
| [ 113.235116] <TASK> |
| [ 113.235393] ? __warn+0x73/0xd0 |
| [ 113.235802] ? setattr_copy+0x1ee/0x200 |
| [ 113.236299] ? report_bug+0xf3/0x1e0 |
| [ 113.236757] ? handle_bug+0x4d/0x90 |
| [ 113.237202] ? exc_invalid_op+0x13/0x60 |
| [ 113.237689] ? asm_exc_invalid_op+0x16/0x20 |
| [ 113.238185] ? setattr_copy+0x1ee/0x200 |
| [ 113.238692] btrfs_setattr+0x80/0x820 [btrfs] |
| [ 113.239285] ? get_stack_info_noinstr+0x12/0xf0 |
| [ 113.239857] ? __module_address+0x22/0xa0 |
| [ 113.240368] ? handle_ksmbd_work+0x6e/0x460 [ksmbd] |
| [ 113.240993] ? __module_text_address+0x9/0x50 |
| [ 113.241545] ? __module_address+0x22/0xa0 |
| [ 113.242033] ? unwind_next_frame+0x10e/0x920 |
| [ 113.242600] ? __pfx_stack_trace_consume_entry+0x10/0x10 |
| [ 113.243268] notify_change+0x2c2/0x4e0 |
| [ 113.243746] ? stack_depot_save_flags+0x27/0x730 |
| [ 113.244339] ? set_file_basic_info+0x130/0x2b0 [ksmbd] |
| [ 113.244993] set_file_basic_info+0x130/0x2b0 [ksmbd] |
| [ 113.245613] ? process_scheduled_works+0xbe/0x310 |
| [ 113.246181] ? worker_thread+0x100/0x240 |
| [ 113.246696] ? kthread+0xc8/0x100 |
| [ 113.247126] ? ret_from_fork+0x2b/0x40 |
| [ 113.247606] ? ret_from_fork_asm+0x1a/0x30 |
| [ 113.248132] smb2_set_info+0x63f/0xa70 [ksmbd] |
| |
| ksmbd is trying to set the atime and mtime via notify_change without also |
| setting the ctime. so This patch add ATTR_CTIME flags when setting mtime |
| to avoid a warning. |
| |
| The Linux kernel CVE team has assigned CVE-2024-57895 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.15 with commit 0626e6641f6b467447c81dd7678a69c66f7746cf and fixed in 6.6.70 with commit 1d7ee876b8b96efc14e177a7fe8d45ac25d68849 |
| Issue introduced in 5.15 with commit 0626e6641f6b467447c81dd7678a69c66f7746cf and fixed in 6.12.9 with commit 52cefcff6a4a814f4f8e357422fcfb71fd2ebf75 |
| Issue introduced in 5.15 with commit 0626e6641f6b467447c81dd7678a69c66f7746cf and fixed in 6.13 with commit 21e46a79bbe6c4e1aa73b3ed998130f2ff07b128 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-57895 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| fs/smb/server/smb2pdu.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/1d7ee876b8b96efc14e177a7fe8d45ac25d68849 |
| https://git.kernel.org/stable/c/52cefcff6a4a814f4f8e357422fcfb71fd2ebf75 |
| https://git.kernel.org/stable/c/21e46a79bbe6c4e1aa73b3ed998130f2ff07b128 |
