CVE-2024-26869 - Vulnerability Details - OpenCVE

ReportizFlow

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_write : write old data to new blkaddr Because invalidate_mapping_pages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncate_inode_pages_range() instead of invalidate_mapping_pages() to make sure meta_inode page will be dropped.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253
https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189
https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65
https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694
https://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26869-c9e2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26869
https://www.cve.org/CVERecord?id=CVE-2024-26869

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T10:27:30.100Z

Updated: 2024-12-19T08:49:04.410Z

Reserved: 2024-02-19T14:20:24.184Z

Link: CVE-2024-26869

Vulnrichment

Updated: 2024-06-12T17:28:41.121Z

NVD

Status : Awaiting Analysis

Published: 2024-04-17T11:15:09.413

Modified: 2024-11-21T09:03:15.370

Link: CVE-2024-26869

Redhat

Severity : Moderate

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26869 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26869", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.184Z", "datePublished": "2024-04-17T10:27:30.100Z", "dateUpdated": "2024-12-19T08:49:04.410Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:49:04.410Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n due to lock failure or dirty|writeback\n status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - load old data from meta_inode page\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/checkpoint.c", "fs/f2fs/f2fs.h", "fs/f2fs/segment.c", "include/linux/f2fs_fs.h"], "versions": [{"version": "6aa58d8ad20a3323f42274c25820a6f54192422d", "lessThan": "c92f2927df860a60ba815d3ee610a944b92a8694", "status": "affected", "versionType": "git"}, {"version": "6aa58d8ad20a3323f42274c25820a6f54192422d", "lessThan": "77bfdb89cc222fc7bfe198eda77bdc427d5ac189", "status": "affected", "versionType": "git"}, {"version": "6aa58d8ad20a3323f42274c25820a6f54192422d", "lessThan": "04226d8e3c4028dc451e9d8777356ec0f7919253", "status": "affected", "versionType": "git"}, {"version": "6aa58d8ad20a3323f42274c25820a6f54192422d", "lessThan": "9f0c4a46be1fe9b97dbe66d49204c1371e3ece65", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/checkpoint.c", "fs/f2fs/f2fs.h", "fs/f2fs/segment.c", "include/linux/f2fs_fs.h"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694"}, {"url": "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189"}, {"url": "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253"}, {"url": "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65"}], "title": "f2fs: fix to truncate meta inode pages forcely", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T17:28:33.962208Z", "id": "CVE-2024-26869", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T17:31:41.499Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:04.218Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-12T17:28:33.962208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T17:28:41.121Z"}}], "cna": {"title": "f2fs: fix to truncate meta inode pages forcely", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6aa58d8ad20a", "lessThan": "c92f2927df86", "versionType": "git"}, {"status": "affected", "version": "6aa58d8ad20a", "lessThan": "77bfdb89cc22", "versionType": "git"}, {"status": "affected", "version": "6aa58d8ad20a", "lessThan": "04226d8e3c40", "versionType": "git"}, {"status": "affected", "version": "6aa58d8ad20a", "lessThan": "9f0c4a46be1f", "versionType": "git"}], "programFiles": ["fs/f2fs/checkpoint.c", "fs/f2fs/f2fs.h", "fs/f2fs/segment.c", "include/linux/f2fs_fs.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.19"}, {"status": "unaffected", "version": "0", "lessThan": "4.19", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.23", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/f2fs/checkpoint.c", "fs/f2fs/f2fs.h", "fs/f2fs/segment.c", "include/linux/f2fs_fs.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694"}, {"url": "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189"}, {"url": "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253"}, {"url": "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n due to lock failure or dirty|writeback\n status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - load old data from meta_inode page\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:24:11.307Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26869", "state": "PUBLISHED", "dateUpdated": "2024-06-12T17:31:41.499Z", "dateReserved": "2024-02-19T14:20:24.184Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:30.100Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n due to lock failure or dirty|writeback\n status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - load old data from meta_inode page\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para truncar las p\u00e1ginas de meta-inodo a la fuerza El siguiente caso de carrera puede causar corrupci\u00f3n de datos: Hilo Un hilo de GC - gc_data_segment - ra_data_block - p\u00e1gina de meta_inodo bloqueada - f2fs_inplace_write_data - invalidate_mapping_pages: no se puede invalidar meta_inode p\u00e1gina debido a falla de bloqueo o estado sucio|reescritura - f2fs_submit_page_bio: escribe los \u00faltimos datos sucios en el blkaddr antiguo - move_data_block - carga datos antiguos de la p\u00e1gina meta_inode - f2fs_submit_page_write: escribe datos antiguos en el blkaddr nuevo Porque invalidate_mapping_pages() omitir\u00e1 la p\u00e1gina de invalidaci\u00f3n cuyo estado no est\u00e1 claro incluyendo bloqueado, sucio, reescritura, etc., por lo que debemos usar truncate_inode_pages_range() en lugar de invalidate_mapping_pages() para asegurarnos de que la p\u00e1gina meta_inode se elimine."}], "id": "CVE-2024-26869", "lastModified": "2024-11-21T09:03:15.370", "metrics": {}, "published": "2024-04-17T11:15:09.413", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: f2fs: fix to truncate meta inode pages forcely", "id": "2275713", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275713"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix to truncate meta inode pages forcely\nBelow race case can cause data corruption:\nThread AGC thread\n- gc_data_segment\n- ra_data_block\n- locked meta_inode page\n- f2fs_inplace_write_data\n- invalidate_mapping_pages\n: fail to invalidate meta_inode page\ndue to lock failure or dirty|writeback\nstatus\n- f2fs_submit_page_bio\n: write last dirty data to old blkaddr\n- move_data_block\n- load old data from meta_inode page\n- f2fs_submit_page_write\n: write old data to new blkaddr\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped.", "A vulnerability was found in the f2fs component in the Linux kernel, where a race condition can be created between the garbage collection thread and the f2fs_inplace_write_data() thread. This could lead to data corruption or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26869", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26869\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26869\nhttps://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26869-c9e2@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}