CVE-2024-36001

{"id": "CVE-2024-36001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-20T10:15:14.230", "references": [{"url": "https://git.kernel.org/stable/c/5eaf23b2e81349f6614f88396dc468fda89fc0b9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c97f59e276d4e93480f29a70accbd0d7273cf3f5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5eaf23b2e81349f6614f88396dc468fda89fc0b9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c97f59e276d4e93480f29a70accbd0d7273cf3f5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix the pre-flush when appending to a file in writethrough mode\n\nIn netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH\nor O_*SYNC or RWF_*SYNC was specified, write-through caching is performed\non a buffered file. When setting up for write-through, we flush any\nconflicting writes in the region and wait for the write to complete,\nfailing if there's a write error to return.\n\nThe issue arises if we're writing at or above the EOF position because we\nskip the flush and - more importantly - the wait. This becomes a problem\nif there's a partial folio at the end of the file that is being written out\nand we want to make a write to it too. Both the already-running write and\nthe write we start both want to clear the writeback mark, but whoever is\nsecond causes a warning looking something like:\n\n ------------[ cut here ]------------\n R=00000012: folio 11 is not under writeback\n WARNING: CPU: 34 PID: 654 at fs/netfs/write_collect.c:105\n ...\n CPU: 34 PID: 654 Comm: kworker/u386:27 Tainted: G S ...\n ...\n Workqueue: events_unbound netfs_write_collection_worker\n ...\n RIP: 0010:netfs_writeback_lookup_folio\n\nFix this by making the flush-and-wait unconditional. It will do nothing if\nthere are no folios in the pagecache and will return quickly if there are\nno folios in the region specified.\n\nFurther, move the WBC attachment above the flush call as the flush is going\nto attach a WBC and detach it again if it is not present - and since we\nneed one anyway we might as well share it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: soluciona el lavado previo al agregar un archivo en modo de escritura directa. En netfs_perform_write(), cuando se especifica el archivo marcado como NETFS_ICTX_WRITETHROUGH o O_*SYNC o RWF_*SYNC, escriba -El almacenamiento en cach\u00e9 se realiza en un archivo almacenado en b\u00fafer. Al configurar la escritura directa, eliminamos cualquier escritura conflictiva en la regi\u00f3n y esperamos a que se complete la escritura, fallando si hay un error de escritura que devolver. El problema surge si escribimos en la posici\u00f3n EOF o por encima de ella porque nos saltamos el color y, lo que es m\u00e1s importante, la espera. Esto se convierte en un problema si hay un folio parcial al final del archivo que se est\u00e1 escribiendo y queremos escribir en \u00e9l tambi\u00e9n. Tanto la escritura que ya se est\u00e1 ejecutando como la escritura que comenzamos quieren borrar la marca de reescritura, pero quienquiera que est\u00e9 en segundo lugar genera una advertencia similar a: ------------[cortar aqu\u00ed]---- -------- R=00000012: el folio 11 no est\u00e1 bajo reescritura ADVERTENCIA: CPU: 34 PID: 654 en fs/netfs/write_collect.c:105 ... CPU: 34 PID: 654 Comm: kworker/u386 :27 Contaminado: GS... ... Cola de trabajo: events_unbound netfs_write_collection_worker... RIP: 0010:netfs_writeback_lookup_folio Solucione este problema haciendo que el lavado y la espera sean incondicionales. No har\u00e1 nada si no hay publicaciones en el cach\u00e9 de p\u00e1ginas y regresar\u00e1 r\u00e1pidamente si no hay publicaciones en la regi\u00f3n especificada. Adem\u00e1s, mueva el archivo adjunto de WBC por encima de la llamada de descarga, ya que la descarga conectar\u00e1 un WBC y lo separar\u00e1 nuevamente si no est\u00e1 presente, y dado que necesitamos uno de todos modos, tambi\u00e9n podr\u00edamos compartirlo."}], "lastModified": "2025-09-23T18:39:36.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BA8CD4-9CCF-4BC8-BF79-90FF62BA0FAA", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}