CVE-2024-36966

Source: https://nvd.nist.gov/vuln/detail/CVE-2024-36966
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36966.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2024-36966
Published: 2024-06-08T12:52:59Z
Modified: 2025-10-17T06:57:35.539326Z
Summary
erofs: reliably distinguish block based and fscache mode
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: reliably distinguish block based and fscache mode

When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode, and then attempt to free an anon_dev that has never been allocated, triggering the following warning:

============================================
ida_free called for id=0 which is not allocated.
WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140
Modules linked in:
CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630
RIP: 0010:ida_free+0x134/0x140
Call Trace:
 <TASK>
 erofs_kill_sb+0x81/0x90
 deactivate_locked_super+0x35/0x80
 get_tree_bdev+0x136/0x1e0
 vfs_get_tree+0x2c/0xf0
 do_new_mount+0x190/0x2f0

[...]

Now when erofs_kill_sb() is called, erofs_sb_info must have been initialised, so use sbi->fsid to distinguish between the two modes.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: aca740cecbe57b12bd9c1fc632092af5ebacda0c
  Fixed: f9b877a7ee312ec8ce17598a7ef85cb820d7c371

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: aca740cecbe57b12bd9c1fc632092af5ebacda0c
  Fixed: dcdd49701e429c55b3644fd70fc58d85745f8cfe

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: aca740cecbe57b12bd9c1fc632092af5ebacda0c
  Fixed: 7af2ae1b1531feab5d38ec9c8f472dc6cceb4606

Affected versions

v6.*

v6.5
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 6.6.0
  Fixed: 6.6.32

Type: ECOSYSTEM
Events:
  Introduced: 6.7.0
  Fixed: 6.8.11