Executive Summary

Informations
Name CVE-2024-27058 First vendor Publication 2024-05-01
Vendor Cve Last vendor Modification 2024-11-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

tmpfs: fix race on handling dquot rbtree

A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree.

Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts:

Thread 1 Thread 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot()

- fetch ROOT - Fetch ROOT

- acquire dqio_sem - wait dqio_sem

- do something, triger a tree rebalance
- release dqio_sem

- acquire dqio_sem - start searching for the node, but
from the wrong location, missing
the node, and triggering a warning.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27058

Sources (Detail)

https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2
https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb
https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0
https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2024-11-01 21:28:13
  • Multiple Updates
2024-05-02 00:27:26
  • Multiple Updates
2024-05-01 17:27:27
  • First insertion