CVE-2024-27058

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27058
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27058.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27058
Downstream
Published
2024-05-01T13:00:06.852Z
Modified
2025-11-14T18:32:18.519854Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
tmpfs: fix race on handling dquot rbtree
Details

In the Linux kernel, the following vulnerability has been resolved:

tmpfs: fix race on handling dquot rbtree

A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree.

Fetching the rbtree root node must also be protected by the dqopt->dqiosem, otherwise, giving the right timing, shmemreleasedquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts:

Thread 1 Thread 2 - shmemreleasedquot() - shmem{acquire,release}dquot()

  • fetch ROOT - Fetch ROOT

                - acquire dqio_sem

  • wait dqio_sem

                - do something, triger a tree rebalance
            - release dqio_sem

  • acquire dqio_sem

  • start searching for the node, but from the wrong location, missing the node, and triggering a warning.
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eafc474e202978ac735c551d5ee1eb8c02e2be54
Fixed
c7077f43f30d817d10a9f8245e51576ac114b2f0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eafc474e202978ac735c551d5ee1eb8c02e2be54
Fixed
617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eafc474e202978ac735c551d5ee1eb8c02e2be54
Fixed
f82f184874d2761ebaa60dccf577921a0dbb3810
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eafc474e202978ac735c551d5ee1eb8c02e2be54
Fixed
0a69b6b3a026543bc215ccc866d0aea5579e6ce2

Affected versions

v6.*

v6.5
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.9-rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1293.0,
            "function_hash": "101151398040593680788228476939791733952"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_release_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-0c3df47f",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7077f43f30d817d10a9f8245e51576ac114b2f0"
    },
    {
        "digest": {
            "length": 915.0,
            "function_hash": "298700314533393986304395708906326681117"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_get_next_id"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-19837dc0",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"
    },
    {
        "digest": {
            "length": 1293.0,
            "function_hash": "101151398040593680788228476939791733952"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_release_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-4245ad07",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"
    },
    {
        "digest": {
            "length": 1899.0,
            "function_hash": "162372099404956200308148435378888421406"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_acquire_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-71a2653b",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f82f184874d2761ebaa60dccf577921a0dbb3810"
    },
    {
        "digest": {
            "line_hashes": [
                "84301663499076630540284098241134518947",
                "123387491700453650909619065095563506903",
                "95716938451815453037377025780137907675",
                "329897770891155035259249330108874632321",
                "334215660089767827755623980796674205740",
                "103139750208602510255599346666680776737",
                "137736287373201124414701392896862590188",
                "81866108339586086785737622481036868840",
                "95793572938330982889890135828280071058",
                "159795214944963962272599126470308661044",
                "138079838967451895964609265482340090130",
                "172566622686164559927580338860083726712",
                "17157786561928363953020786913071775441",
                "291422553907720142093163254231060233229",
                "208696718029781626453960336935737969003",
                "43266368936924940219403577347527183560",
                "281624970659330146923484288223466514980",
                "233912329260621126759383345870086653035",
                "258641009810187456889269420097840699528",
                "43936469537581560656745198856936314037",
                "81800152785923063652214475969587787065",
                "186512622418965735800478079648483547327",
                "206390014925187749928779253023043390224",
                "39769634134747007977177080692806483580"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "mm/shmem_quota.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-27058-7b6364c1",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a69b6b3a026543bc215ccc866d0aea5579e6ce2"
    },
    {
        "digest": {
            "line_hashes": [
                "84301663499076630540284098241134518947",
                "123387491700453650909619065095563506903",
                "95716938451815453037377025780137907675",
                "329897770891155035259249330108874632321",
                "334215660089767827755623980796674205740",
                "103139750208602510255599346666680776737",
                "137736287373201124414701392896862590188",
                "81866108339586086785737622481036868840",
                "95793572938330982889890135828280071058",
                "159795214944963962272599126470308661044",
                "138079838967451895964609265482340090130",
                "172566622686164559927580338860083726712",
                "17157786561928363953020786913071775441",
                "291422553907720142093163254231060233229",
                "208696718029781626453960336935737969003",
                "43266368936924940219403577347527183560",
                "281624970659330146923484288223466514980",
                "233912329260621126759383345870086653035",
                "258641009810187456889269420097840699528",
                "43936469537581560656745198856936314037",
                "81800152785923063652214475969587787065",
                "186512622418965735800478079648483547327",
                "206390014925187749928779253023043390224",
                "39769634134747007977177080692806483580"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "mm/shmem_quota.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-27058-914ad4bf",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7077f43f30d817d10a9f8245e51576ac114b2f0"
    },
    {
        "digest": {
            "length": 1293.0,
            "function_hash": "101151398040593680788228476939791733952"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_release_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-954bed79",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f82f184874d2761ebaa60dccf577921a0dbb3810"
    },
    {
        "digest": {
            "line_hashes": [
                "84301663499076630540284098241134518947",
                "123387491700453650909619065095563506903",
                "95716938451815453037377025780137907675",
                "329897770891155035259249330108874632321",
                "334215660089767827755623980796674205740",
                "103139750208602510255599346666680776737",
                "137736287373201124414701392896862590188",
                "81866108339586086785737622481036868840",
                "95793572938330982889890135828280071058",
                "159795214944963962272599126470308661044",
                "138079838967451895964609265482340090130",
                "172566622686164559927580338860083726712",
                "17157786561928363953020786913071775441",
                "291422553907720142093163254231060233229",
                "208696718029781626453960336935737969003",
                "43266368936924940219403577347527183560",
                "281624970659330146923484288223466514980",
                "233912329260621126759383345870086653035",
                "258641009810187456889269420097840699528",
                "43936469537581560656745198856936314037",
                "81800152785923063652214475969587787065",
                "186512622418965735800478079648483547327",
                "206390014925187749928779253023043390224",
                "39769634134747007977177080692806483580"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "mm/shmem_quota.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-27058-a6d0cbce",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f82f184874d2761ebaa60dccf577921a0dbb3810"
    },
    {
        "digest": {
            "length": 1899.0,
            "function_hash": "162372099404956200308148435378888421406"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_acquire_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-b804beb2",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"
    },
    {
        "digest": {
            "length": 1293.0,
            "function_hash": "101151398040593680788228476939791733952"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_release_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-bb12bba1",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a69b6b3a026543bc215ccc866d0aea5579e6ce2"
    },
    {
        "digest": {
            "length": 915.0,
            "function_hash": "298700314533393986304395708906326681117"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_get_next_id"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-d8f50846",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a69b6b3a026543bc215ccc866d0aea5579e6ce2"
    },
    {
        "digest": {
            "length": 1899.0,
            "function_hash": "162372099404956200308148435378888421406"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_acquire_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-dbd321a3",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a69b6b3a026543bc215ccc866d0aea5579e6ce2"
    },
    {
        "digest": {
            "length": 1899.0,
            "function_hash": "162372099404956200308148435378888421406"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_acquire_dquot"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-ee541c20",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7077f43f30d817d10a9f8245e51576ac114b2f0"
    },
    {
        "digest": {
            "length": 915.0,
            "function_hash": "298700314533393986304395708906326681117"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_get_next_id"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-f7a5ca7e",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7077f43f30d817d10a9f8245e51576ac114b2f0"
    },
    {
        "digest": {
            "line_hashes": [
                "84301663499076630540284098241134518947",
                "123387491700453650909619065095563506903",
                "95716938451815453037377025780137907675",
                "329897770891155035259249330108874632321",
                "334215660089767827755623980796674205740",
                "103139750208602510255599346666680776737",
                "137736287373201124414701392896862590188",
                "81866108339586086785737622481036868840",
                "95793572938330982889890135828280071058",
                "159795214944963962272599126470308661044",
                "138079838967451895964609265482340090130",
                "172566622686164559927580338860083726712",
                "17157786561928363953020786913071775441",
                "291422553907720142093163254231060233229",
                "208696718029781626453960336935737969003",
                "43266368936924940219403577347527183560",
                "281624970659330146923484288223466514980",
                "233912329260621126759383345870086653035",
                "258641009810187456889269420097840699528",
                "43936469537581560656745198856936314037",
                "81800152785923063652214475969587787065",
                "186512622418965735800478079648483547327",
                "206390014925187749928779253023043390224",
                "39769634134747007977177080692806483580"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "mm/shmem_quota.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-27058-f8a7af78",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"
    },
    {
        "digest": {
            "length": 915.0,
            "function_hash": "298700314533393986304395708906326681117"
        },
        "target": {
            "file": "mm/shmem_quota.c",
            "function": "shmem_get_next_id"
        },
        "signature_type": "Function",
        "id": "CVE-2024-27058-f8fe395f",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f82f184874d2761ebaa60dccf577921a0dbb3810"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.12
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3