CVE-2024-57942

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57942.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57942
Downstream
Published
2025-01-21T12:18:10Z
Modified
2025-10-17T19:58:20.780900Z
Summary
netfs: Fix ceph copy to cache on write-begin
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix ceph copy to cache on write-begin

At the end of netfsunlockreadfolio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PGprivate2 set) and then unlocked, the folioqueue struct has the entry pointing to the folio cleared. This presents a problem for netfspgpriv2writetothecache(), which is used to write folios marked with PGprivate2 to the cache as it expects to be able to trawl the folioqueue list thereafter to find the relevant folios, leading to a hang.

Fix this by not clearing the folio_queue entry if we're going to do the deprecated copy-to-cache. The clearance will be done instead as the folios are written to the cache.

This can be reproduced by starting cachefiles, mounting a ceph filesystem with "-o fsc" and writing to it.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ee4cdf7ba857a894ad1650d6ab77669cbbfa329e
Fixed
43b8d3249b0b71bad239d42dbe08ce6c938ba000
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ee4cdf7ba857a894ad1650d6ab77669cbbfa329e
Fixed
38cf8e945721ffe708fa675507465da7f4f2a9f7

Affected versions

v6.*

v6.11
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13-rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "328414047921826395865235914759054858753",
                "179203963562709386450468303641780236865",
                "168845600582278840306442115214706145487",
                "235338120595181835300051910872597530623",
                "21044373707153832152648750968412817648",
                "273117372674028793605680289644336777633",
                "71611895257143337071239849668138715919",
                "325482520731064868633421953901066476655",
                "153723888135984401226044098446720354603",
                "316561999129616636606664710677159750193",
                "177764133634222194688747146698164809610"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/netfs/read_collect.c"
        },
        "deprecated": false,
        "id": "CVE-2024-57942-177817e1",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38cf8e945721ffe708fa675507465da7f4f2a9f7"
    },
    {
        "digest": {
            "length": 1190.0,
            "function_hash": "216550728380033107044166432769526763310"
        },
        "target": {
            "file": "fs/netfs/read_collect.c",
            "function": "netfs_unlock_read_folio"
        },
        "deprecated": false,
        "id": "CVE-2024-57942-5853cc49",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43b8d3249b0b71bad239d42dbe08ce6c938ba000"
    },
    {
        "digest": {
            "line_hashes": [
                "328414047921826395865235914759054858753",
                "179203963562709386450468303641780236865",
                "168845600582278840306442115214706145487",
                "235338120595181835300051910872597530623",
                "21044373707153832152648750968412817648",
                "273117372674028793605680289644336777633",
                "71611895257143337071239849668138715919",
                "325482520731064868633421953901066476655",
                "153723888135984401226044098446720354603",
                "316561999129616636606664710677159750193",
                "177764133634222194688747146698164809610"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "fs/netfs/read_collect.c"
        },
        "deprecated": false,
        "id": "CVE-2024-57942-91f7c9cd",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43b8d3249b0b71bad239d42dbe08ce6c938ba000"
    },
    {
        "digest": {
            "length": 1190.0,
            "function_hash": "216550728380033107044166432769526763310"
        },
        "target": {
            "file": "fs/netfs/read_collect.c",
            "function": "netfs_unlock_read_folio"
        },
        "deprecated": false,
        "id": "CVE-2024-57942-cd7c2a57",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38cf8e945721ffe708fa675507465da7f4f2a9f7"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.10