CVE-2024-47680

{"id": "CVE-2024-47680", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T12:15:05.003", "references": [{"url": "https://git.kernel.org/stable/c/43aec4d01bd2ce961817a777b3846f8318f398e4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7bd7ce68ddad5a28565e42ef21cacaff113773a9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d2352b57897f6a3349666fc318dcbec99092c6a5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check discard support for conventional zones\n\nAs the helper function f2fs_bdev_support_discard() shows, f2fs checks if\nthe target block devices support discard by calling\nbdev_max_discard_sectors() and bdev_is_zoned(). This check works well\nfor most cases, but it does not work for conventional zones on zoned\nblock devices. F2fs assumes that zoned block devices support discard,\nand calls __submit_discard_cmd(). When __submit_discard_cmd() is called\nfor sequential write required zones, it works fine since\n__submit_discard_cmd() issues zone reset commands instead of discard\ncommands. However, when __submit_discard_cmd() is called for\nconventional zones, __blkdev_issue_discard() is called even when the\ndevices do not support discard.\n\nThe inappropriate __blkdev_issue_discard() call was not a problem before\nthe commit 30f1e7241422 (\"block: move discard checks into the ioctl\nhandler\") because __blkdev_issue_discard() checked if the target devices\nsupport discard or not. If not, it returned EOPNOTSUPP. After the\ncommit, __blkdev_issue_discard() no longer checks it. It always returns\nzero and sets NULL to the given bio pointer. This NULL pointer triggers\nf2fs_bug_on() in __submit_discard_cmd(). The BUG is recreated with the\ncommands below at the umount step, where /dev/nullb0 is a zoned null_blk\nwith 5GB total size, 128MB zone size and 10 conventional zones.\n\n$ mkfs.f2fs -f -m /dev/nullb0\n$ mount /dev/nullb0 /mnt\n$ for ((i=0;i<5;i++)); do dd if=/dev/zero of=/mnt/test bs=65536 count=1600 conv=fsync; done\n$ umount /mnt\n\nTo fix the BUG, avoid the inappropriate __blkdev_issue_discard() call.\nWhen discard is requested for conventional zones, check if the device\nsupports discard or not. If not, return EOPNOTSUPP."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: comprobar la compatibilidad con el descarte para zonas convencionales Como muestra la funci\u00f3n auxiliar f2fs_bdev_support_discard(), f2fs comprueba si los dispositivos de bloque de destino admiten el descarte llamando a bdev_max_discard_sectors() y bdev_is_zoned(). Esta comprobaci\u00f3n funciona bien en la mayor\u00eda de los casos, pero no funciona para zonas convencionales en dispositivos de bloque con zonas. F2fs supone que los dispositivos de bloque con zonas admiten el descarte y llama a __submit_discard_cmd(). Cuando se llama a __submit_discard_cmd() para zonas que requieren escritura secuencial, funciona bien ya que __submit_discard_cmd() emite comandos de restablecimiento de zona en lugar de comandos de descarte. Sin embargo, cuando se llama a __submit_discard_cmd() para zonas convencionales, se llama a __blkdev_issue_discard() incluso cuando los dispositivos no admiten el descarte. La llamada inapropiada a __blkdev_issue_discard() no era un problema antes de el commit 30f1e7241422 (\"bloqueo: mover las comprobaciones de descarte al controlador ioctl\") porque __blkdev_issue_discard() comprobaba si los dispositivos de destino admit\u00edan o no el descarte. Si no, devolv\u00eda EOPNOTSUPP. Despu\u00e9s de el commit, __blkdev_issue_discard() ya no lo comprueba. Siempre devuelve cero y establece NULL en el puntero bio indicado. Este puntero NULL activa f2fs_bug_on() en __submit_discard_cmd(). El ERROR se vuelve a crear con los comandos siguientes en el paso de desmontaje, donde /dev/nullb0 es un null_blk zonificado con un tama\u00f1o total de 5 GB, un tama\u00f1o de zona de 128 MB y 10 zonas convencionales. $ mkfs.f2fs -f -m /dev/nullb0 $ mount /dev/nullb0 /mnt $ for ((i=0;i&lt;5;i++)); do dd if=/dev/zero of=/mnt/test bs=65536 count=1600 conv=fsync; done $ umount /mnt Para corregir el ERROR, evite la llamada __blkdev_issue_discard() inapropiada. Cuando se solicita el descarte para zonas convencionales, verifique si el dispositivo admite el descarte o no. Si no es as\u00ed, devuelva EOPNOTSUPP."}], "lastModified": "2024-10-24T13:28:28.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "767D4D2D-C6E7-4B7D-9446-CFC8F8FF2FBB", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}