{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41083", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.633Z", "datePublished": "2024-07-29T15:47:59.419Z", "dateUpdated": "2024-09-11T17:33:59.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T15:47:59.419Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix netfs_page_mkwrite() to check folio->mapping is valid\n\nFix netfs_page_mkwrite() to check that folio->mapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does). Without this,\ngeneric/247 occasionally oopses with something like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\n RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n ...\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x6e/0xa0\n ? exc_page_fault+0xc2/0xe0\n ? asm_exc_page_fault+0x22/0x30\n ? trace_event_raw_event_netfs_folio+0x61/0xc0\n trace_netfs_folio+0x39/0x40\n netfs_page_mkwrite+0x14c/0x1d0\n do_page_mkwrite+0x50/0x90\n do_pte_missing+0x184/0x200\n __handle_mm_fault+0x42d/0x500\n handle_mm_fault+0x121/0x1f0\n do_user_addr_fault+0x23e/0x3c0\n exc_page_fault+0xc2/0xe0\n asm_exc_page_fault+0x22/0x30\n\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap'd writes."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/buffered_write.c"], "versions": [{"version": "102a7e2c598c", "lessThan": "3473eb87afd4", "status": "affected", "versionType": "git"}, {"version": "102a7e2c598c", "lessThan": "a81c98bfa40c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/buffered_write.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25"}, {"url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2"}], "title": "netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.318Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:20:58.648407Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:59.223Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41083", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.633Z", "datePublished": "2024-07-29T15:47:59.419Z", "dateUpdated": "2024-08-02T04:46:52.318Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T15:47:59.419Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix netfs_page_mkwrite() to check folio->mapping is valid\n\nFix netfs_page_mkwrite() to check that folio->mapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does). Without this,\ngeneric/247 occasionally oopses with something like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\n RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n ...\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x6e/0xa0\n ? exc_page_fault+0xc2/0xe0\n ? asm_exc_page_fault+0x22/0x30\n ? trace_event_raw_event_netfs_folio+0x61/0xc0\n trace_netfs_folio+0x39/0x40\n netfs_page_mkwrite+0x14c/0x1d0\n do_page_mkwrite+0x50/0x90\n do_pte_missing+0x184/0x200\n __handle_mm_fault+0x42d/0x500\n handle_mm_fault+0x121/0x1f0\n do_user_addr_fault+0x23e/0x3c0\n exc_page_fault+0xc2/0xe0\n asm_exc_page_fault+0x22/0x30\n\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap'd writes."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/buffered_write.c"], "versions": [{"version": "102a7e2c598c", "lessThan": "3473eb87afd4", "status": "affected", "versionType": "git"}, {"version": "102a7e2c598c", "lessThan": "a81c98bfa40c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/buffered_write.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25"}, {"url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2"}], "title": "netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:20:58.648407Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:19.989Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A4BD4E-FEF5-4966-9017-7AAE1629F735", "versionEndExcluding": "6.9.8", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix netfs_page_mkwrite() to check folio->mapping is valid\n\nFix netfs_page_mkwrite() to check that folio->mapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does). Without this,\ngeneric/247 occasionally oopses with something like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\n RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n ...\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x6e/0xa0\n ? exc_page_fault+0xc2/0xe0\n ? asm_exc_page_fault+0x22/0x30\n ? trace_event_raw_event_netfs_folio+0x61/0xc0\n trace_netfs_folio+0x39/0x40\n netfs_page_mkwrite+0x14c/0x1d0\n do_page_mkwrite+0x50/0x90\n do_pte_missing+0x184/0x200\n __handle_mm_fault+0x42d/0x500\n handle_mm_fault+0x121/0x1f0\n do_user_addr_fault+0x23e/0x3c0\n exc_page_fault+0xc2/0xe0\n asm_exc_page_fault+0x22/0x30\n\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap'd writes."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: corrija netfs_page_mkwrite() para verificar que folio-&gt;mapping sea v\u00e1lido. Corrija netfs_page_mkwrite() para verificar que folio-&gt;mapping sea v\u00e1lido una vez que haya tomado el bloqueo de folio (como filemap_page_mkwrite( ) hace). Sin esto, generic/247 ocasionalmente falla con algo como lo siguiente: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente RIP: 0010:trace_event_raw_event_netfs_folio +0x61/0xc0... Seguimiento de llamadas: ? __die_body+0x1a/0x60 ? page_fault_oops+0x6e/0xa0? exc_page_fault+0xc2/0xe0? asm_exc_page_fault+0x22/0x30? trace_event_raw_event_netfs_folio+0x61/0xc0 trace_netfs_folio+0x39/0x40 netfs_page_mkwrite+0x14c/0x1d0 do_page_mkwrite+0x50/0x90 do_pte_missing+0x184/0x200 __handle_mm_fault+0x42d/0x500 _fault+0x121/0x1f0 do_user_addr_fault+0x23e/0x3c0 exc_page_fault+0xc2/0xe0 asm_exc_page_fault+0x22/0x30 Esto se debe a que invalidate_inode_pages2_range() emitido al final de la escritura DIO interfiere con las escrituras mmap."}], "id": "CVE-2024-41083", "lastModified": "2024-08-26T14:23:35.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T16:15:03.790", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfs: Fix netfs_page_mkwrite() to check folio-->mapping is valid", "id": "2300479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300479"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfs: Fix netfs_page_mkwrite() to check folio->mapping is valid\nFix netfs_page_mkwrite() to check that folio->mapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does). Without this,\ngeneric/247 occasionally oopses with something like the following:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nRIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n...\nCall Trace:\n<TASK>\n? __die_body+0x1a/0x60\n? page_fault_oops+0x6e/0xa0\n? exc_page_fault+0xc2/0xe0\n? asm_exc_page_fault+0x22/0x30\n? trace_event_raw_event_netfs_folio+0x61/0xc0\ntrace_netfs_folio+0x39/0x40\nnetfs_page_mkwrite+0x14c/0x1d0\ndo_page_mkwrite+0x50/0x90\ndo_pte_missing+0x184/0x200\n__handle_mm_fault+0x42d/0x500\nhandle_mm_fault+0x121/0x1f0\ndo_user_addr_fault+0x23e/0x3c0\nexc_page_fault+0xc2/0xe0\nasm_exc_page_fault+0x22/0x30\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap'd writes.", "A flaw was found in `netfs_page_mkwrite()` in the Linux kernel caused by a missing validation check for `folio->mapping` after acquiring the folio lock. This oversight could lead to a NULL pointer dereference, resulting in kernel crashes when handling file operations. The issue arose from interference by `invalidate_inode_pages2_range()` during Direct I/O (DIO) writes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41083", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41083\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41083\nhttps://lore.kernel.org/linux-cve-announce/2024072946-CVE-2024-41083-a1d3@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.9.8, kernel 6.10"}