CVE-2024-40943— ocfs2: fix races between hole punching and AIO+DIO
Affected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b25801038da5823bba1b5440a57ca68afc51b6bd< 3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9 | affected |
b25801038da5823bba1b5440a57ca68afc51b6bd< e8e2db1adac47970a6a9225f3858e9aa0e86287f | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< 050ce8af6838c71e872e982b50d3f1bec21da40e | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< 38825ff9da91d2854dcf6d9ac320a7e641e10f25 | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< ea042dc2bea19d72e37c298bf65a9c341ef3fff3 | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< 3c361f313d696df72f9bccf058510e9ec737b9b1 | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< 117b9c009b72a6c2ebfd23484354dfee2d9570d2 | affected | ||
b25801038da5823bba1b5440a57ca68afc51b6bd< 952b023f06a24b2ad6ba67304c4c84d45bea2f18 | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-40943
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ocfs2: fix races between hole punching and AIO+DIO
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 ocfs2 文件系统在处理 AIO+DIO 与打洞操作时存在竞争条件问题,可能导致文件系统错误地将未写入的 extent 标记为已写入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-40943
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-40943
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-07-12 · 122 CVEs total
| CVE-2024-40960 | ipv6: prevent possible NULL dereference in rt6_probe() | |
| CVE-2024-40975 | platform/x86: x86-android-tablets: Unregister devices in reverse order | |
| CVE-2024-40974 | powerpc/pseries: Enforce hcall result buffer validity and size | |
| CVE-2024-40973 | media: mtk-vcodec: potential null pointer deference in SCP | |
| CVE-2024-40972 | ext4: do not create EA inode under buffer lock | |
| CVE-2024-40970 | Avoid hw_desc array overrun in dw-axi-dmac | |
| CVE-2024-40971 | f2fs: remove clear SB_INLINECRYPT flag in default_options | |
| CVE-2024-40969 | f2fs: don't set RO when shutting down f2fs | |
| CVE-2024-40967 | serial: imx: Introduce timeout when waiting on transmitter empty | |
| CVE-2024-40968 | MIPS: Octeon: Add PCIe link status check | |
| CVE-2024-40966 | tty: add the option to have a tty reject a new ldisc | |
| CVE-2024-40965 | i2c: lpi2c: Avoid calling clk_get_rate during transfer | |
| CVE-2024-40964 | ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() | |
| CVE-2024-40963 | mips: bmips: BCM6358: make sure CBR is correctly set | |
| CVE-2024-40961 | ipv6: prevent possible NULL deref in fib6_nh_init() | |
| CVE-2024-40962 | btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes | |
| CVE-2024-40951 | ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() | |
| CVE-2024-40950 | mm: huge_memory: fix misused mapping_large_folio_support() for anon folios | |
| CVE-2024-40949 | mm: shmem: fix getting incorrect lruvec when replacing a shmem folio | |
| CVE-2024-40952 | ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() |
Showing top 20 of 122 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2024-40943
No comments yet