{"vulnerability": "CVE-2024-46701", "sightings": [{"uuid": "19c0c89d-a82b-4105-a7ef-5c6f6da94f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46701", "type": "seen", "source": "https://t.me/cvedetector/5566", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46701 - \"tmpfs Infinite Directory Read Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-46701 \nPublished : Sept. 13, 2024, 7:15 a.m. | 19\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nlibfs: fix infinite directory reads for offset dir  \n  \nAfter we switch tmpfs dir operations from simple_dir_operations to  \nsimple_offset_dir_operations, every rename happened will fill new dentry  \nto dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free  \nkey starting with octx->newx_offset, and then set newx_offset equals to  \nfree key + 1. This will lead to infinite readdir combine with rename  \nhappened at the same time, which fail generic/736 in xfstests(detail show  \nas below).  \n  \n1. create 5000 files(1 2 3...) under one dir  \n2. call readdir(man 3 readdir) once, and get one entry  \n3. rename(entry, \"TEMPFILE\"), then rename(\"TEMPFILE\", entry)  \n4. loop 2~3, until readdir return nothing or we loop too many  \n   times(tmpfs break test with the second condition)  \n  \nWe choose the same logic what commit 9b378f6ad48cf (\"btrfs: fix infinite  \ndirectory reads\") to fix it, record the last_index when we open dir, and  \ndo not emit the entry which index >= last_index. The file->private_data  \nnow used in offset dir can use directly to do this, and we also update  \nthe last_index when we llseek the dir file.  \n  \n[brauner: only update last_index after seek when offset is zero like Jan suggested] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T09:36:07.000000Z"}]}