Wind River Support Network

HomeDefectsLIN1023-4589
Fixed

LIN1023-4589 : Security Advisory - linux - CVE-2024-26773

Created: Apr 3, 2024    Updated: Apr 27, 2024
Resolved Date: Apr 19, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.9
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

Determine if the group block bitmap is corrupted before using ac_b_ex in
ext4_mb_try_best_found() to avoid allocating blocks from a group with a
corrupted block bitmap in the following concurrency and making the
situation worse.

ext4_mb_regular_allocator
  ext4_lock_group(sb, group)
  ext4_mb_good_group
   // check if the group bbitmap is corrupted
  ext4_mb_complex_scan_group
   // Scan group gets ac_b_ex but doesn't use it
  ext4_unlock_group(sb, group)
                           ext4_mark_group_bitmap_corrupted(group)
                           // The block bitmap was corrupted during
                           // the group unlock gap.
  ext4_mb_try_best_found
    ext4_lock_group(ac->ac_sb, group)
    ext4_mb_use_best_found
      mb_mark_used
      // Allocating blocks in block bitmap corrupted group

CREATE(Triage):(User=admin) CVE-2024-26773 (https://nvd.nist.gov/vuln/detail/CVE-2024-26773)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube