admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-578xx/CVE-2024-57806.json
cad-safe-bot e5af30c7eb Auto-Update: 2025-01-11T15:00:22.016841+00:00
2025-01-11 15:03:45 +00:00

25 lines
3.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-57806",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-11T13:15:30.597",
"lastModified": "2025-01-11T13:15:30.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction atomicity bug when enabling simple quotas\n\nSet squota incompat bit before committing the transaction that enables\nthe feature.\n\nWith the config CONFIG_BTRFS_ASSERT enabled, an assertion\nfailure occurs regarding the simple quota feature.\n\n [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365\n [5.597098] ------------[ cut here ]------------\n [5.597371] kernel BUG at fs/btrfs/qgroup.c:365!\n [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146\n [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0\n [5.604303] <TASK>\n [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.605538] ? exc_invalid_op+0x56/0x70\n [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606066] ? asm_exc_invalid_op+0x1f/0x30\n [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.607038] ? try_to_wake_up+0x317/0x760\n [5.607286] open_ctree+0xd9c/0x1710\n [5.607509] btrfs_get_tree+0x58a/0x7e0\n [5.608002] vfs_get_tree+0x2e/0x100\n [5.608224] fc_mount+0x16/0x60\n [5.608420] btrfs_get_tree+0x2f8/0x7e0\n [5.608897] vfs_get_tree+0x2e/0x100\n [5.609121] path_mount+0x4c8/0xbc0\n [5.609538] __x64_sys_mount+0x10d/0x150\n\nThe issue can be easily reproduced using the following reproducer:\n\n root@q:linux# cat repro.sh\n set -e\n\n mkfs.btrfs -q -f /dev/sdb\n mount /dev/sdb /mnt/btrfs\n btrfs quota enable -s /mnt/btrfs\n umount /mnt/btrfs\n mount /dev/sdb /mnt/btrfs\n\nThe issue is that when enabling quotas, at btrfs_quota_enable(), we set\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist\nit in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but\nwe only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we\ncommit the transaction used to enable simple quotas.\n\nThis means that if after that transaction commit we unmount the filesystem\nwithout starting and committing any other transaction, or we have a power\nfailure, the next time we mount the filesystem we will find the flag\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key\nBTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit\nBTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an\nassertion failure at:\n\n btrfs_read_qgroup_config() -> qgroup_read_enable_gen()\n\nTo fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag\nimmediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE.\nThis ensures that both flags are flushed to disk within the same\ntransaction."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b87c9b9ba05ba6e8e2ee9ecd29a8c930b35648ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2363e6fcc7938c5f0f6ac066fad0dd247598b51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink