{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-42256", "ASSIGNER": "cve@kernel.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix server re-repick on subrequest retry\n\nWhen a subrequest is marked for needing retry, netfs will call\ncifs_prepare_write() which will make cifs repick the server for the op\nbefore renegotiating credits; it then calls cifs_issue_write() which\ninvokes smb2_async_writev() - which re-repicks the server.\n\nIf a different server is then selected, this causes the increment of\nserver->in_flight to happen against one record and the decrement to happen\nagainst another, leading to misaccounting.\n\nFix this by just removing the repick code in smb2_async_writev(). As this\nis only called from netfslib-driven code, cifs_prepare_write() should\nalways have been called first, and so server should never be NULL and the\npreparatory step is repeated in the event that we do a retry.\n\nThe problem manifests as a warning looking something like:\n\n WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs]\n ...\n smb2_writev_callback+0x334/0x560 [cifs]\n cifs_demultiplex_thread+0x77a/0x11b0 [cifs]\n kthread+0x187/0x1d0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nWhich may be triggered by a number of different xfstests running against an\nAzure server in multichannel mode. generic/249 seems the most repeatable,\nbut generic/215, generic/249 and generic/308 may also show it." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Linux", "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "<", "version_name": "3ee1a1fc3981", "version_value": "b1d0a566769b" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "version": "6.10", "status": "affected" }, { "version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "custom" }, { "version": "6.10.1", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.11-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/b1d0a566769b6fb3795b5289fc1daf9e0638d97a" }, { "url": "https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/de40579b903883274fe203865f29d66b168b7236" } ] }, "generator": { "engine": "bippy-c9c4e1df01b2" } }