In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead.
History

Tue, 05 Nov 2024 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Sep 2024 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9

Tue, 24 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products Redhat enterprise Linux

Thu, 12 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv
cpe:/o:redhat:rhel_eus:8.8
Vendors & Products Redhat rhel Eus

Wed, 21 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_tus:8.6
Vendors & Products Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:36.274Z

Updated: 2024-12-19T09:04:45.923Z

Reserved: 2024-06-18T19:36:34.923Z

Link: CVE-2024-38570

cve-icon Vulnrichment

Updated: 2024-08-02T04:12:25.837Z

cve-icon NVD

Status : Modified

Published: 2024-06-19T14:15:17.153

Modified: 2024-11-21T09:26:22.457

Link: CVE-2024-38570

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38570 - Bugzilla