DEBIAN-CVE-2024-26685

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-26685

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-26685.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-26685

Upstream

CVE-2024-26685

Published

2024-04-03T15:15:52Z

Modified

2025-09-19T07:35:00.502574Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite(), which handles the completion of block device writes, may detect abnormal condition of the buffer asyncwrite flag and cause a BUGON failure when using nilfs2. Nilfs2 itself does not use endbufferasyncwrite(). But, the asyncwrite flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfslookupdirtydatabuffers() and nilfslookupnodebuffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce asyncwrite for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUGON check in endbufferasyncwrite would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of asyncwrite for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the asyncwrite flag for the remaining super root block buffer.

References

https://security-tracker.debian.org/tracker/CVE-2024-26685

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.216-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

5.10.191-1

5.10.197-1

5.10.205-1

5.10.205-2

5.10.209-1

5.10.209-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.82-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}