AZL-52126

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52126.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-52126

Upstream

CVE-2024-50006

Published

2024-10-21T19:15:04Z

Modified

2026-04-01T05:16:29.277105Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-50006 affecting package kernel for versions less than 5.15.173.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix idatasem unlock order in ext4indmigrate()

Fuzzing reports a possible deadlock in jbd2logwait_commit.

This issue is triggered when an EXT4IOCMIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with OSYNC. This can lead to the jbd2journalstop() function calling jbd2mightwaitforcommit(), potentially causing a deadlock if the EXT4IOC_MIGRATE call races with a write(2) system call.

This problem only arises when CONFIGPROVELOCKING is enabled. In this case, the jbd2mightwaitforcommit macro locks jbd2handle in the jbd2journalstop function while idatasem is locked. This triggers lockdep because the jbd2journalstart function might also lock the same jbd2handle simultaneously.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Rule: add

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50006

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.173.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52126.json"