CVE-2024-50229

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50229
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50229.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50229
Downstream
Related
Published
2024-11-09T10:14:39.756Z
Modified
2026-03-11T07:47:27.380906Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
nilfs2: fix potential deadlock with newly created symlinks
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential deadlock with newly created symlinks

Syzbot reported that pagesymlink(), called by nilfssymlink(), triggers memory reclamation involving the filesystem layer, which can result in circular lock dependencies among the reader/writer semaphore nilfs->nssegctorsem, swriters percpurwsem (intwrite) and the fs_reclaim pseudo lock.

This is because after commit 21fc61c73c39 ("don't put symlink bodies in pagecache into highmem"), the gfp flags of the page cache for symbolic links are overwritten to GFPKERNEL via inodenohighmem().

This is not a problem for symlinks read from the backing device, because the _GFPFS flag is dropped after inodenohighmem() is called. However, when a new symlink is created with nilfssymlink(), the gfp flags remain overwritten to GFPKERNEL. Then, memory allocation called from pagesymlink() etc. triggers memory reclamation including the FS layer, which may call nilfsevictinode() or nilfsdirtyinode(). And these can cause a deadlock if they are called while nilfs->nssegctorsem is held:

Fix this issue by dropping the __GFPFS flag from the page cache GFP flags of newly created symlinks in the same way that nilfsnew_inode() and __nilfsreadinode() do, as a workaround until we adopt nofs allocation scope consistently or improve the locking constraints.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50229.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
21fc61c73c3903c4c312d0802da01ec2b323d174
Fixed
cc38c596e648575ce58bfc31623a6506eda4b94a
Fixed
a1686db1e59f8fc016c4c9361e2119dd206f479a
Fixed
c72e0df0b56c1166736dc8eb62070ebb12591447
Fixed
69548bb663fcb63f9ee0301be808a36b9d78dac3
Fixed
58c7f44c7b9e5ac7e3b1e5da2572ed7767a12f38
Fixed
1246d86e7bbde265761932c6e2dce28c69cdcb91
Fixed
9aa5d43ac4cace8fb9bd964ff6c23f599dc3cd24
Fixed
b3a033e3ecd3471248d474ef263aadc0059e516a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
076e4ab3279eb3ddb206de44d04df7aeb2428e09

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50229.json"