AZL-61721

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61721.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61721

Upstream

CVE-2024-26869

Published

2024-04-17T11:15:09Z

Modified

2026-04-01T05:19:42.860268Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-26869 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to truncate meta inode pages forcely

Below race case can cause data corruption:

Thread A GC thread - gcdatasegment - radatablock - locked metainode page - f2fsinplacewritedata - invalidatemappingpages : fail to invalidate metainode page due to lock failure or dirty|writeback status - f2fssubmitpagebio : write last dirty data to old blkaddr - movedatablock - load old data from metainode page - f2fssubmitpagewrite : write old data to new blkaddr

Because invalidatemappingpages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncateinodepagesrange() instead of invalidatemappingpages() to make sure metainode page will be dropped.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-26869

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61721.json"