Description

In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot() - fetch ROOT - Fetch ROOT - acquire dqio_sem - wait dqio_sem - do something, triger a tree rebalance - release dqio_sem - acquire dqio_sem - start searching for the node, but from the wrong location, missing the node, and triggering a warning.

INFO

Published Date :

2024-05-01T13:00:06.852Z

Last Modified :

2025-05-04T09:03:17.639Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27058 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27058.

URL Resource
https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2 cve-icon cve-icon
https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb cve-icon cve-icon
https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0 cve-icon cve-icon
https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27058-e8f6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27058 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27058 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact