{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()\n\nSyzbot reports a warning as follows:\n\n============================================\nWARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290\nModules linked in:\nCPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7\nRIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419\nCall Trace:\n \n ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375\n generic_shutdown_super+0x136/0x2d0 fs/super.c:641\n kill_block_super+0x44/0x90 fs/super.c:1675\n ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327\n[...]\n============================================\n\nThis is because when finding an entry in ext4_xattr_block_cache_find(), if\next4_sb_bread() returns -ENOMEM, the ce's e_refcnt, which has already grown\nin the __entry_find(), won't be put away, and eventually trigger the above\nissue in mb_cache_destroy() due to reference count leakage.\n\nSo call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/ext4/xattr.c" ], "versions": [ { "version": "b878c8a7f08f", "lessThan": "9ad75e78747b", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "896a7e7d0d55", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "76dc776153a4", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "681ff9a09acc", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "e941b712e758", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "a95df6f04f2c", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "b37c0edef4e6", "status": "affected", "versionType": "git" }, { "version": "fb265c9cb49e", "lessThan": "0c0b4a49d3e7", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/ext4/xattr.c" ], "versions": [ { "version": "5.0", "status": "affected" }, { "version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.94", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.34", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.9.5", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16" }, { "url": "https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483" }, { "url": "https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb" }, { "url": "https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e" }, { "url": "https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9" }, { "url": "https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577" }, { "url": "https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8" }, { "url": "https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21" } ], "title": "ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()", "x_generator": { "engine": "bippy-c9c4e1df01b2" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-39276", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }