CVE-2024-50014 Information
Description
In the Linux kernel the following vulnerability has been resolved:
ext4: fix access to uninitialised lock in fc replay path
The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation or maybe
you didn’t initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ 11
Hardware name: QEMU Standard PC (i440FX + PIIX 1996) BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014
Call Trace:
In the replay path there’s an attempt to lock sbi->s_bdev_wb_lock in function ext4_check_bdev_write_error(). Unfortunately at this point this spinlock has not been initialized yet. Moving it’s initialization to an earlier point in __ext4_fill_super() fixes this splat.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Reference
https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a https://git.kernel.org/stable/c/b002031d585a14eed511117dda8c6452a804d508 https://git.kernel.org/stable/c/23dfdb56581ad92a9967bcd720c8c23356af74c1
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.5
Share on: