CVE-2024-42315

When accessing a file with more entries than ESMAXENTRY_NUM, the bh-array is allocated in _exfatgetentryset. The problem is that the bh-array is allocated with GFPKERNEL. It does not make sense. In the following cases, a deadlock for sbi->slock between the two processes may occur.

   CPU0                CPU1
   ----                ----

kswapd balancepgdat lock(fsreclaim) exfatiterate lock(&sbi->slock) exfatreaddir exfatgetuninamefromextentry exfatgetdentry_set __exfatgetdentryset kmallocarray ... lock(fsreclaim) ... evict exfatevictinode lock(&sbi->slock)

To fix this, let's allocate bh-array with GFP_NOFS.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42315.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd3bdb9e0d656f760b11d0c638d35d7f7068144d

Fixed

632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92dcd7d6c6068bf4fd35a6f64d606e27d634807e

Fixed

c052f775ee6ccacd3c97e4cf41a2a657e63d4259

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c

Fixed

cd1c7858641384191ff7033fb1fc65dfcd559c6f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ff29a95fde16906304455aa8c0bd84eb770258

Fixed

a7ac198f8dba791e3144c4da48a5a9b95773ee4b

Fixed

1d1970493c289e3f44b9ec847ed26a5dbdf56a62

Fixed

89fc548767a2155231128cb98726d6d2ea1256c9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42315.json"