In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290 Modules linked in: CPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7 RIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419 Call Trace: <TASK> ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375 generic_shutdown_super+0x136/0x2d0 fs/super.c:641 kill_block_super+0x44/0x90 fs/super.c:1675 ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327 [...] ============================================ This is because when finding an entry in ext4_xattr_block_cache_find(), if ext4_sb_bread() returns -ENOMEM, the ce's e_refcnt, which has already grown in the __entry_find(), won't be put away, and eventually trigger the above issue in mb_cache_destroy() due to reference count leakage. So call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:5102 2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:5101 2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21 cve-icon cve-icon
https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e cve-icon cve-icon
https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb cve-icon cve-icon
https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483 cve-icon cve-icon
https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16 cve-icon cve-icon
https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577 cve-icon cve-icon
https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8 cve-icon cve-icon
https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-39276 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-39276 cve-icon
History

Wed, 13 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-25T14:22:38.886Z

Updated: 2024-11-05T14:27:26.405Z

Reserved: 2024-06-24T13:53:25.552Z

Link: CVE-2024-39276

cve-icon Vulnrichment

Updated: 2024-08-02T04:19:20.631Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-25T15:15:13.903

Modified: 2024-11-21T09:27:23.107

Link: CVE-2024-39276

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-39276 - Bugzilla