CVE-2024-41083 Information

Jul 31, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid

Fix netfs_page_mkwrite() to check that folio->mapping is valid once it has taken the folio lock (as filemap_page_mkwrite() does). Without this generic/247 occasionally oopses with something like the following:

BUG: kernel NULL pointer dereference address: 0000000000000000
PF: supervisor read access in kernel mode
PF: error_code(0x0000) - not-present page

RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0
...
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x60
 ? page_fault_oops+0x6e/0xa0
 ? exc_page_fault+0xc2/0xe0
 ? asm_exc_page_fault+0x22/0x30
 ? trace_event_raw_event_netfs_folio+0x61/0xc0
 trace_netfs_folio+0x39/0x40
 netfs_page_mkwrite+0x14c/0x1d0
 do_page_mkwrite+0x50/0x90
 do_pte_missing+0x184/0x200
 __handle_mm_fault+0x42d/0x500
 handle_mm_fault+0x121/0x1f0
 do_user_addr_fault+0x23e/0x3c0
 exc_page_fault+0xc2/0xe0
 asm_exc_page_fault+0x22/0x30

This is due to the invalidate_inode_pages2_range() issued at the end of the DIO write interfering with the mmap’d writes.

Reference

https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2

Share on: