CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169
https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7
https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d	Patch
https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f
https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164e	Patch
https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

13 Mar 2025, 13:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169 - () https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7 -

21 Feb 2025, 14:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04 -

09 Jan 2025, 16:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f -

Information

Published : 2024-10-21 13:15

Updated : 2025-03-13 13:15

NVD link : CVE-2024-47726

Mitre link : CVE-2024-47726

CVE.ORG link : CVE-2024-47726

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-47726", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-21T13:15:02.767", "references": [{"url": "https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait dio completion\n\nIt should wait all existing dio write IOs before block removal,\notherwise, previous direct write IO may overwrite data in the\nblock which may be reused by other inode."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para esperar la finalizaci\u00f3n de dio Se debe esperar todas las E/S de escritura de dio existentes antes de eliminar el bloque; de lo contrario, las E/S de escritura directa anteriores pueden sobrescribir los datos en el bloque que pueden ser reutilizados por otro inodo."}], "lastModified": "2025-03-13T13:15:41.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2235E7DC-717F-4BE0-AC47-34A75D29E6BD", "versionEndExcluding": "6.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}