CVE - CVE-2024-47690

CVE-ID
CVE-2024-47690	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: get rid of online repaire on corrupted directory syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Online repaire on corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount, it may leave dirty inode after filesystem becomes readonly, however, checkpoint() will skips flushing dirty inode in a state of readonly mode, result in above panic. Let's get rid of online repaire in f2fs_lookup(), and leave the work to fsck.f2fs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4 URL:https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4 MISC:https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf URL:https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf MISC:https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32 URL:https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32 MISC:https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d URL:https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d MISC:https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af URL:https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af MISC:https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d URL:https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d
Assigning CNA
kernel.org
Date Record Created
20240930	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240930)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)