In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f cve-icon cve-icon
https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d cve-icon cve-icon
https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0 cve-icon cve-icon
https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627 cve-icon cve-icon
https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92 cve-icon cve-icon
https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118 cve-icon cve-icon
https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7 cve-icon cve-icon
https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37078-3aaa@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-37078 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-37078 cve-icon
History

Tue, 05 Nov 2024 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2024-12-19T09:03:49.590Z

Reserved: 2024-06-24T13:54:11.068Z

Link: CVE-2024-37078

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:50.879Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-25T15:15:12.287

Modified: 2024-11-21T09:23:08.943

Link: CVE-2024-37078

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-37078 - Bugzilla