CVE-2024-50006 - Linux Kernel EXT4 Data Semaphores Deadlock

1 month ago 13
ARTICLE AD BOX
CVE ID : CVE-2024-50006
Published : Oct. 21, 2024, 7:15 p.m. | 24 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call. This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the jbd2_journal_stop function while i_data_sem is locked. This triggers lockdep because the jbd2_journal_start function might also lock the same jbd2_handle simultaneously. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Rule: add
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article