CVE - CVE-2024-26956

CVE-ID
CVE-2024-26956	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one a separate patch. The first patch alone resolves the syzbot-reported bug, but I think both fixes should be sent to stable, so I've tagged them as such. This patch (of 2): Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data to a nilfs2 file system whose metadata is corrupted. There are two flaws involved in this issue. The first flaw is that when nilfs_get_block() locates a data block using btree or direct mapping, if the disk address translation routine nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata corruption, it can be passed back to nilfs_get_block(). This causes nilfs_get_block() to misidentify an existing block as non-existent, causing both data block lookup and insertion to fail inconsistently. The second flaw is that nilfs_get_block() returns a successful status in this inconsistent state. This causes the caller __block_write_begin_int() or others to request a read even though the buffer is not mapped, resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc() failing. This fixes the first issue by changing the return value to code -EINVAL when a conversion using DAT fails with code -ENOENT, avoiding the conflicting condition that leads to the kernel bug described above. Here, code -EINVAL indicates that metadata corruption was detected during the block lookup, which will be properly handled as a file system error and converted to -EIO when passing through the nilfs2 bmap layer.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84 URL:https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84 MISC:https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7 URL:https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7 MISC:https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4 URL:https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4 MISC:https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e URL:https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e MISC:https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713 URL:https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713 MISC:https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35 URL:https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35 MISC:https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb URL:https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb MISC:https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba URL:https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba MISC:https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862 URL:https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862 MLIST:[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html MLIST:[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Assigning CNA
kernel.org
Date Record Created
20240219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)