CVE-2024-42315

When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in _exfatgetentryset. The problem is that the bh-array is allocated with GFPKERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur.

   CPU0                CPU1
   ----                ----

kswapd balancepgdat lock(fsreclaim) exfatiterate lock(&sbi->slock) exfatreaddir exfatgetuninamefromextentry exfatgetdentryset _exfatgetdentryset kmallocarray ... lock(fsreclaim) ... evict exfatevictinode lock(&sbi->slock)

To fix this, let's allocate bh-array with GFP_NOFS.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd3bdb9e0d656f760b11d0c638d35d7f7068144d

Fixed

632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92dcd7d6c6068bf4fd35a6f64d606e27d634807e

Fixed

c052f775ee6ccacd3c97e4cf41a2a657e63d4259

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c

Fixed

cd1c7858641384191ff7033fb1fc65dfcd559c6f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ff29a95fde16906304455aa8c0bd84eb770258

Fixed

a7ac198f8dba791e3144c4da48a5a9b95773ee4b

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ff29a95fde16906304455aa8c0bd84eb770258

Fixed

1d1970493c289e3f44b9ec847ed26a5dbdf56a62

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ff29a95fde16906304455aa8c0bd84eb770258

Fixed

89fc548767a2155231128cb98726d6d2ea1256c9

Affected versions

v5.*

v5.10.190

v5.10.191

v5.10.192

v5.10.193

v5.10.194

v5.10.195

v5.10.196

v5.10.197

v5.10.198

v5.10.199

v5.10.200

v5.10.201

v5.10.202

v5.10.203

v5.10.204

v5.10.205

v5.10.206

v5.10.207

v5.10.208

v5.10.209

v5.10.210

v5.10.211

v5.10.212

v5.10.213

v5.10.214

v5.10.215

v5.10.216

v5.10.217

v5.10.218

v5.10.219

v5.10.220

v5.10.221

v5.10.222

v5.10.223

v5.10.224

v5.10.225

v5.10.226

v5.10.227

v5.10.228

v5.10.229

v5.10.230

v5.10.231

v5.15.150

v5.15.151

v5.15.152

v5.15.153

v5.15.154

v5.15.155

v5.15.156

v5.15.157

v5.15.158

v5.15.159

v5.15.160

v5.15.161

v5.15.162

v5.15.163

v5.15.164

v5.15.165

v5.15.166

v5.15.167

v5.15.168

v5.15.169

v5.15.170

v5.15.171

v5.15.172

v5.15.173

v5.15.174

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.232

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.175

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.6.44

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.10.3