CVE-2024-49965

In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove unreasonable unlock in ocfs2_read_blocks Patch series "Misc fixes for ocfs2_read_blocks", v5. This series contains 2 fixes for ocfs2_read_blocks(). The first patch fix the issue reported by syzbot, which detects bad unlock balance in ocfs2_read_blocks(). The second patch fixes an issue reported by Heming Zhao when reviewing above fix. This patch (of 2): There was a lock release before exiting, so remove the unreasonable unlock.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc	Patch
https://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3	Patch
https://git.kernel.org/stable/c/5245f109b4afb6595360d4c180d483a6d2009a59
https://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9	Patch
https://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d	Patch
https://git.kernel.org/stable/c/9753bcb17b36c9add9b32c61766ddf8d2d161911
https://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1	Patch
https://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d	Patch
https://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-10-21 18:15

Updated : 2024-11-08 16:15

NVD link : CVE-2024-49965

Mitre link : CVE-2024-49965

CVE.ORG link : CVE-2024-49965

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-49965", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T18:15:17.593", "references": [{"url": "https://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5245f109b4afb6595360d4c180d483a6d2009a59", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9753bcb17b36c9add9b32c61766ddf8d2d161911", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: eliminar el desbloqueo irrazonable en ocfs2_read_blocks Serie de parches \"Correcciones varias para ocfs2_read_blocks\", v5. Esta serie contiene 2 correcciones para ocfs2_read_blocks(). El primer parche corrige el problema informado por syzbot, que detecta un balance de desbloqueo incorrecto en ocfs2_read_blocks(). El segundo parche corrige un problema informado por Heming Zhao al revisar la correcci\u00f3n anterior. Este parche (de 2): Hubo una liberaci\u00f3n de bloqueo antes de salir, as\u00ed que elimine el desbloqueo irrazonable."}], "lastModified": "2024-11-08T16:15:36.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B4F282-4860-4914-A00E-37E79073E119", "versionEndExcluding": "4.9", "versionStartIncluding": "4.4.204"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF7C57C-4624-476E-9DC5-B2376F1E4675", "versionEndExcluding": "4.14", "versionStartIncluding": "4.9.204"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC95FF1-ED73-4CD5-9F88-C887FD9A5273", "versionEndExcluding": "4.19", "versionStartIncluding": "4.14.157"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B897764C-25B8-458D-864B-0985FF8A323F", "versionEndExcluding": "4.20", "versionStartIncluding": "4.19.87"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD12FA67-D2AC-4EB0-BED4-7D4E94D30EF8", "versionEndExcluding": "5.10.227", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}