{ "id": "CVE-2024-26871", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:09.513", "lastModified": "2025-01-14T14:46:37.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix NULL pointer dereference in f2fs_submit_page_write()\n\nBUG: kernel NULL pointer dereference, address: 0000000000000014\nRIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]\nCall Trace:\n\n? show_regs+0x6e/0x80\n? __die+0x29/0x70\n? page_fault_oops+0x154/0x4a0\n? prb_read_valid+0x20/0x30\n? __irq_work_queue_local+0x39/0xd0\n? irq_work_queue+0x36/0x70\n? do_user_addr_fault+0x314/0x6c0\n? exc_page_fault+0x7d/0x190\n? asm_exc_page_fault+0x2b/0x30\n? f2fs_submit_page_write+0x6cf/0x780 [f2fs]\n? f2fs_submit_page_write+0x736/0x780 [f2fs]\ndo_write_page+0x50/0x170 [f2fs]\nf2fs_outplace_write_data+0x61/0xb0 [f2fs]\nf2fs_do_write_data_page+0x3f8/0x660 [f2fs]\nf2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]\nf2fs_write_cache_pages+0x3da/0xbe0 [f2fs]\n...\nIt is possible that other threads have added this fio to io->bio\nand submitted the io->bio before entering f2fs_submit_page_write().\nAt this point io->bio = NULL.\nIf is_end_zone_blkaddr(sbi, fio->new_blkaddr) of this fio is true,\nthen an NULL pointer dereference error occurs at bio_get(io->bio).\nThe original code for determining zone end was after \"out:\",\nwhich would have missed some fio who is zone end. I've moved\n this code before \"skip:\" to make sure it's done for each fio." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige la desreferencia del puntero NULL en f2fs_submit_page_write() ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000014 RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs] Seguimiento de llamadas: ? show_regs+0x6e/0x80? __morir+0x29/0x70 ? page_fault_oops+0x154/0x4a0? prb_read_valid+0x20/0x30? __irq_work_queue_local+0x39/0xd0 ? irq_work_queue+0x36/0x70? do_user_addr_fault+0x314/0x6c0? exc_page_fault+0x7d/0x190? asm_exc_page_fault+0x2b/0x30? f2fs_submit_page_write+0x6cf/0x780 [f2fs] ? f2fs_submit_page_write+0x736/0x780 [f2fs] do_write_page+0x50/0x170 [f2fs] f2fs_outplace_write_data+0x61/0xb0 [f2fs] f2fs_do_write_data_page+0x3f8/0x660 [f2fs] f2fs_write_single_data_page+0 x5bb/0x7a0 [f2fs] f2fs_write_cache_pages+0x3da/0xbe0 [f2fs] .. Es posible que otros hilos hayan agregado este fio a io->bio y hayan enviado el io->bio antes de ingresar a f2fs_submit_page_write(). En este punto io->bio = NULL. Si is_end_zone_blkaddr(sbi, fio->new_blkaddr) de este fio es verdadero, entonces se produce un error de desreferencia de puntero NULL en bio_get(io->bio). El c\u00f3digo original para determinar el final de la zona estaba despu\u00e9s de \"out:\", lo que habr\u00eda pasado por alto a alg\u00fan fio que es el final de la zona. Mov\u00ed este c\u00f3digo antes de \"omitir:\" para asegurarme de que est\u00e9 hecho para cada fio." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-476" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.23", "matchCriteriaId": "89C006B8-BD53-4D24-9E4A-3482F60C50EC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.7.11", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.8.2", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] } ] }