mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
168 lines
9.3 KiB
JSON
168 lines
9.3 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-50273",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's\nref_add_list using list_del(), which leaves the ref's add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref's add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1d57ee941692",
|
|
"version_value": "2fd0948a483e"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "4.10",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "4.10",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "4.19.324",
|
|
"lessThanOrEqual": "4.19.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.4.286",
|
|
"lessThanOrEqual": "5.4.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.230",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.172",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.1.117",
|
|
"lessThanOrEqual": "6.1.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.6.61",
|
|
"lessThanOrEqual": "6.6.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.11.8",
|
|
"lessThanOrEqual": "6.11.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.12",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/2fd0948a483e9cb2d669c7199bc620a21c97673d",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/2fd0948a483e9cb2d669c7199bc620a21c97673d"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/93c5b8decc0ef39ba84f4211d2db6da0a4aefbeb",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/93c5b8decc0ef39ba84f4211d2db6da0a4aefbeb"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/bf0b0c6d159767c0d1c21f793950d78486690ee0",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/bf0b0c6d159767c0d1c21f793950d78486690ee0"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/c24fa427fc0ae827b2a3a07f13738cbf82c3f851",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/c24fa427fc0ae827b2a3a07f13738cbf82c3f851"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/2cb1a73d1d44a1c11b0ee5eeced765dd80ec48e6",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/2cb1a73d1d44a1c11b0ee5eeced765dd80ec48e6"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f04be6d68f715c1473a8422fc0460f57b5e99931",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/f04be6d68f715c1473a8422fc0460f57b5e99931"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/50a3933760b427759afdd23156a7280a19357a92",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/50a3933760b427759afdd23156a7280a19357a92"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/c9a75ec45f1111ef530ab186c2a7684d0a0c9245",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/c9a75ec45f1111ef530ab186c2a7684d0a0c9245"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-8e903de6a542"
|
|
}
|
|
} |