SUSE-SU-2024:3403-1

Vulnerability from csaf_suse - Published: 2024-09-23 13:55 - Updated: 2024-09-23 13:55
Summary: Security update for the Linux Kernel
Severity: Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-45003: Don't evict inode under the inode lru traversing context. (bsc#1230245)

The following non-security bugs were fixed:

- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. (bsc#1230413)

Patchnames: SUSE-2024-3403,SUSE-SLE-Micro-5.3-2024-3403,SUSE-SLE-Micro-5.4-2024-3403

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

Vendor Fix: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-45003: Don\u0027t evict inode under the inode lru traversing context. (bsc#1230245) \n\nThe following non-security bugs were fixed:\n\n- Revert \u0027mm, kmsan: fix infinite recursion due to RCU critical section\u0027. (bsc#1230413)\n- Revert \u0027mm/sparsemem: fix race in accessing memory_section-\u003eusage\u0027. (bsc#1230413)\n- Revert \u0027mm: prevent derefencing NULL ptr in pfn_section_valid()\u0027. (bsc#1230413)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3403,SUSE-SLE-Micro-5.3-2024-3403,SUSE-SLE-Micro-5.4-2024-3403",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3403-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3403-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243403-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3403-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019501.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230245",
        "url": "https://bugzilla.suse.com/1230245"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230413",
        "url": "https://bugzilla.suse.com/1230413"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45003 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45003/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2024-09-23T13:55:21Z",
      "generator": {
        "date": "2024-09-23T13:55:21Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3403-1",
      "initial_release_date": "2024-09-23T13:55:21Z",
      "revision_history": [
        {
          "date": "2024-09-23T13:55:21Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-5.14.21-150400.15.94.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-5.14.21-150400.15.94.1.noarch",
                  "product_id": "kernel-devel-rt-5.14.21-150400.15.94.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-5.14.21-150400.15.94.1.noarch",
                "product": {
                  "name": "kernel-source-rt-5.14.21-150400.15.94.1.noarch",
                  "product_id": "kernel-source-rt-5.14.21-150400.15.94.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-devel-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-extra-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-extra-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt-optional-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt-optional-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt_debug-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kernel-syms-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64",
                  "product_id": "reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.14.21-150400.15.94.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64"
        },
        "product_reference": "kernel-rt-5.14.21-150400.15.94.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.14.21-150400.15.94.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.14.21-150400.15.94.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.14.21-150400.15.94.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64"
        },
        "product_reference": "kernel-rt-5.14.21-150400.15.94.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.14.21-150400.15.94.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.14.21-150400.15.94.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45003",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45003"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don\u0027t evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru-\u003ei_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 \u003e /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru-\u003ei_ea-\u003ei_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea-\u003ei_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(\u0026i_reg-\u003ei_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg-\u003enlink = 0\n      iput(i_reg) // i_reg-\u003enlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea-\u003ei_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) -----\u003e AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(\u0026i_ea-\u003ei_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD\u0027s wbuf-\u003eio_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD\u0027s wbuf-\u003eio_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru-\u003eixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 \u003e /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru-\u003eixa-\u003eib-\u003eia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa-\u003ei_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(\u0026ib-\u003ei_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib-\u003enlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf-\u003eio_mutex\n      ubifs_iget(ixa-\u003ei_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib-\u003enlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          v             ubifs_jnl_write_inode\n     ABBA deadlock \u003c------make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(\u0026ixa-\u003ei_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45003",
          "url": "https://www.suse.com/security/cve/CVE-2024-45003"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230245 for CVE-2024-45003",
          "url": "https://bugzilla.suse.com/1230245"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-09-23T13:55:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-45003"
    }
  ]
}

