{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27058", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.214Z", "datePublished": "2024-05-01T13:00:06.852Z", "dateUpdated": "2025-05-04T09:03:17.639Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:03:17.639Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntmpfs: fix race on handling dquot rbtree\n\nA syzkaller reproducer found a race while attempting to remove dquot\ninformation from the rb tree.\n\nFetching the rb_tree root node must also be protected by the\ndqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()\nwill trigger a warning because it couldn't find a node in the tree, when\nthe real reason was the root node changing before the search starts:\n\nThread 1\t\t\t\tThread 2\n- shmem_release_dquot()\t\t\t- shmem_{acquire,release}_dquot()\n\n- fetch ROOT\t\t\t\t- Fetch ROOT\n\n\t\t\t\t\t- acquire dqio_sem\n- wait dqio_sem\n\n\t\t\t\t\t- do something, triger a tree rebalance\n\t\t\t\t\t- release dqio_sem\n\n- acquire dqio_sem\n- start searching for the node, but\n  from the wrong location, missing\n  the node, and triggering a warning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/shmem_quota.c"], "versions": [{"version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "c7077f43f30d817d10a9f8245e51576ac114b2f0", "status": "affected", "versionType": "git"}, {"version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb", "status": "affected", "versionType": "git"}, {"version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "f82f184874d2761ebaa60dccf577921a0dbb3810", "status": "affected", "versionType": "git"}, {"version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "0a69b6b3a026543bc215ccc866d0aea5579e6ce2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/shmem_quota.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0"}, {"url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"}, {"url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810"}, {"url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2"}], "title": "tmpfs: fix race on handling dquot rbtree", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-17T15:12:32.083830Z", "id": "CVE-2024-27058", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T17:11:16.996Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.876Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.876Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T15:12:32.083830Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.538Z"}}], "cna": {"title": "tmpfs: fix race on handling dquot rbtree", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "c7077f43f30d817d10a9f8245e51576ac114b2f0", "versionType": "git"}, {"status": "affected", "version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb", "versionType": "git"}, {"status": "affected", "version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "f82f184874d2761ebaa60dccf577921a0dbb3810", "versionType": "git"}, {"status": "affected", "version": "eafc474e202978ac735c551d5ee1eb8c02e2be54", "lessThan": "0a69b6b3a026543bc215ccc866d0aea5579e6ce2", "versionType": "git"}], "programFiles": ["mm/shmem_quota.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["mm/shmem_quota.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0"}, {"url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"}, {"url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810"}, {"url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntmpfs: fix race on handling dquot rbtree\n\nA syzkaller reproducer found a race while attempting to remove dquot\ninformation from the rb tree.\n\nFetching the rb_tree root node must also be protected by the\ndqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()\nwill trigger a warning because it couldn't find a node in the tree, when\nthe real reason was the root node changing before the search starts:\n\nThread 1\t\t\t\tThread 2\n- shmem_release_dquot()\t\t\t- shmem_{acquire,release}_dquot()\n\n- fetch ROOT\t\t\t\t- Fetch ROOT\n\n\t\t\t\t\t- acquire dqio_sem\n- wait dqio_sem\n\n\t\t\t\t\t- do something, triger a tree rebalance\n\t\t\t\t\t- release dqio_sem\n\n- acquire dqio_sem\n- start searching for the node, but\n  from the wrong location, missing\n  the node, and triggering a warning."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:53:32.792Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27058", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:53:32.792Z", "dateReserved": "2024-02-19T14:20:24.214Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T13:00:06.852Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A32A237-A8EE-4654-9BB7-94C95ED898F1", "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53", "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02", "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntmpfs: fix race on handling dquot rbtree\n\nA syzkaller reproducer found a race while attempting to remove dquot\ninformation from the rb tree.\n\nFetching the rb_tree root node must also be protected by the\ndqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()\nwill trigger a warning because it couldn't find a node in the tree, when\nthe real reason was the root node changing before the search starts:\n\nThread 1\t\t\t\tThread 2\n- shmem_release_dquot()\t\t\t- shmem_{acquire,release}_dquot()\n\n- fetch ROOT\t\t\t\t- Fetch ROOT\n\n\t\t\t\t\t- acquire dqio_sem\n- wait dqio_sem\n\n\t\t\t\t\t- do something, triger a tree rebalance\n\t\t\t\t\t- release dqio_sem\n\n- acquire dqio_sem\n- start searching for the node, but\n  from the wrong location, missing\n  the node, and triggering a warning."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tmpfs: corrige la ejecuci\u00f3n al manejar dquot rbtree Un reproductor syzkaller encontr\u00f3 una ejecuci\u00f3n al intentar eliminar informaci\u00f3n de dquot del \u00e1rbol rb. La recuperaci\u00f3n del nodo ra\u00edz de rb_tree tambi\u00e9n debe estar protegida por dqopt->dqio_sem; de lo contrario, si se da el momento adecuado, shmem_release_dquot() activar\u00e1 una advertencia porque no pudo encontrar un nodo en el \u00e1rbol, cuando la verdadera raz\u00f3n era el nodo ra\u00edz. cambiando antes de que comience la b\u00fasqueda: Hilo 1 Hilo 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot() - buscar ROOT - Obtener ROOT - adquirir dqio_sem - esperar dqio_sem - hacer algo, activar un reequilibrio de \u00e1rbol - liberar dqio_sem - adquirir dqio_sem - comienza a buscar el nodo, pero desde la ubicaci\u00f3n incorrecta, pierde el nodo y genera una advertencia."}], "id": "CVE-2024-27058", "lastModified": "2025-04-08T19:42:55.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-01T13:15:50.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tmpfs: fix race on handling dquot rbtree", "id": "2278404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278404"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntmpfs: fix race on handling dquot rbtree\nA syzkaller reproducer found a race while attempting to remove dquot\ninformation from the rb tree.\nFetching the rb_tree root node must also be protected by the\ndqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()\nwill trigger a warning because it couldn't find a node in the tree, when\nthe real reason was the root node changing before the search starts:\nThread 1Thread 2\n- shmem_release_dquot()- shmem_{acquire,release}_dquot()\n- fetch ROOT- Fetch ROOT\n- acquire dqio_sem\n- wait dqio_sem\n- do something, triger a tree rebalance\n- release dqio_sem\n- acquire dqio_sem\n- start searching for the node, but\nfrom the wrong location, missing\nthe node, and triggering a warning.", "A vulnerability was found in the Linux Kernel's memory management subsystem, where a race condition while attempting to remove dquot information from the rb tree can lead to a kernel panic. The race condition occurs due to a lack of proper protections when fetching the rb_tree root node. Given the right timing, this could cause the shmem_relewase_dquot() function to trigger a panic because it cannot find a node in the tree, when the reason is that the root node was changed before the search starts. This issue can lead to system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27058", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27058\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27058\nhttps://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27058-e8f6@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}