{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26601", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.128Z", "datePublished": "2024-02-24T14:56:56.324Z", "dateUpdated": "2024-11-05T09:12:23.975Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:23.975Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/mballoc.c"], "versions": [{"version": "0983142c5f17", "lessThan": "94ebf71bddbc", "status": "affected", "versionType": "git"}, {"version": "6bd97bf273bd", "lessThan": "c1317822e2de", "status": "affected", "versionType": "git"}, {"version": "6bd97bf273bd", "lessThan": "78327acd4cdc", "status": "affected", "versionType": "git"}, {"version": "6bd97bf273bd", "lessThan": "ea42d6cffb0d", "status": "affected", "versionType": "git"}, {"version": "6bd97bf273bd", "lessThan": "6b0d48647935", "status": "affected", "versionType": "git"}, {"version": "6bd97bf273bd", "lessThan": "c9b528c35795", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/mballoc.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.211", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.78", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.17", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.5", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"}, {"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"}, {"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"}, {"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"}, {"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"}, {"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"}], "title": "ext4: regenerate buddy after block freeing failed if under fc replay", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:48:58.021731Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:55.950Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.651Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.651Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:48:58.021731Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.427Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ext4: regenerate buddy after block freeing failed if under fc replay", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0983142c5f17", "lessThan": "94ebf71bddbc", "versionType": "git"}, {"status": "affected", "version": "6bd97bf273bd", "lessThan": "c1317822e2de", "versionType": "git"}, {"status": "affected", "version": "6bd97bf273bd", "lessThan": "78327acd4cdc", "versionType": "git"}, {"status": "affected", "version": "6bd97bf273bd", "lessThan": "ea42d6cffb0d", "versionType": "git"}, {"status": "affected", "version": "6bd97bf273bd", "lessThan": "6b0d48647935", "versionType": "git"}, {"status": "affected", "version": "6bd97bf273bd", "lessThan": "c9b528c35795", "versionType": "git"}], "programFiles": ["fs/ext4/mballoc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.211", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.78", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.17", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.5", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ext4/mballoc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"}, {"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"}, {"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"}, {"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"}, {"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"}, {"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:23.975Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26601", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:12:23.975Z", "dateReserved": "2024-02-19T14:20:24.128Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-24T14:56:56.324Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC6905D6-5F33-4718-AAFD-C356351E82B0", "versionEndExcluding": "5.10.211", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "892B1C6C-0A61-4DAC-9F79-172AB564A179", "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ED93437-2DAD-459B-8B46-01C911BDE283", "versionEndExcluding": "6.1.78", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B4E27C1-FDA4-443A-8088-7D297EB2997B", "versionEndExcluding": "6.6.17", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B690E0-5DAC-44EC-947A-D6E4EB0475CA", "versionEndExcluding": "6.7.5", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: regenerar amigo despu\u00e9s de que fall\u00f3 la liberaci\u00f3n del bloque si se encuentra en reproducci\u00f3n fc. Esto revierte principalmente el commit 6bd97bf273bd (\"ext4: eliminar mb_regenerate_buddy() redundante\") y reintroduce mb_regenerate_buddy(). Seg\u00fan el c\u00f3digo en mb_free_blocks(), la repetici\u00f3n de commit r\u00e1pido puede terminar marcando como bloques libres que ya est\u00e1n marcados como tales. Esto causa corrupci\u00f3n en el mapa de bits del amigo, por lo que debemos regenerarlo en ese caso."}], "id": "CVE-2024-26601", "lastModified": "2024-11-21T09:02:38.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:59.987", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:5066", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.77.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5067", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}], "bugzilla": {"description": "kernel: ext4: regenerate buddy after block freeing failed if under fc replay", "id": "2265836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265836"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-118", "details": ["In the Linux kernel, the following vulnerability has been resolved:\next4: regenerate buddy after block freeing failed if under fc replay\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case.", "A flaw was found in the Linux kernel's ext4 filesystem related to the fast commit replay process. During this process, blocks that are already marked as free can be incorrectly marked as free again, leading to the corruption of the buddy bitmap, which is used to track free and allocated blocks. This corruption can result in filesystem inconsistencies and potential data loss. The issue is resolved by reintroducing the mb_regenerate_buddy() function, which regenerates the buddy bitmap to ensure its integrity."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26601", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26601\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26601\nhttps://lore.kernel.org/linux-cve-announce/2024022411-CVE-2024-26601-b6ac@gregkh/T/#u"], "statement": "CVE-2024-26601 is considered a Moderate severity issue because its impact is limited to specific conditions during the fast commit replay process of the ext4 filesystem. The vulnerability involves the marking of already free blocks as free, which leads to buddy bitmap corruption. However, this scenario is relatively rare and typically occurs only under certain workload patterns. Additionally, the corruption affects internal filesystem metadata rather than user data directly, reducing the immediate risk of data loss or system compromise. The issue can be mitigated by regenerating the buddy bitmap, and standard filesystem integrity checks and recovery procedures can often address any inconsistencies that arise.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.8-rc3"}