CVE-2024-50229— nilfs2: fix potential deadlock with newly created symlinks
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-50229
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nilfs2: fix potential deadlock with newly created symlinks
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential deadlock with newly created symlinks Syzbot reported that page_symlink(), called by nilfs_symlink(), triggers memory reclamation involving the filesystem layer, which can result in circular lock dependencies among the reader/writer semaphore nilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) and the fs_reclaim pseudo lock. This is because after commit 21fc61c73c39 ("don't put symlink bodies in pagecache into highmem"), the gfp flags of the page cache for symbolic links are overwritten to GFP_KERNEL via inode_nohighmem(). This is not a problem for symlinks read from the backing device, because the __GFP_FS flag is dropped after inode_nohighmem() is called. However, when a new symlink is created with nilfs_symlink(), the gfp flags remain overwritten to GFP_KERNEL. Then, memory allocation called from page_symlink() etc. triggers memory reclamation including the FS layer, which may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can cause a deadlock if they are called while nilfs->ns_segctor_sem is held: Fix this issue by dropping the __GFP_FS flag from the page cache GFP flags of newly created symlinks in the same way that nilfs_new_inode() and __nilfs_read_inode() do, as a workaround until we adopt nofs allocation scope consistently or improve the locking constraints.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于新创建的符号链接存在死锁问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-50229
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-50229
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-11-09 · 49 CVEs total
| CVE-2024-50249 | ACPI: CPPC: Make rmw_lock a raw_spin_lock | |
| CVE-2024-50252 | mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address | |
| CVE-2024-50254 | bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() | |
| CVE-2024-50258 | net: fix crash when config small gso_max_size/gso_ipv4_max_size | |
| CVE-2024-50259 | netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write | |
| CVE-2024-50260 | sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() | |
| CVE-2024-50261 | macsec: Fix use-after-free while sending the offloading packet | |
| CVE-2024-50262 | bpf: Fix out-of-bounds write in trie_get_next_key() | |
| CVE-2024-50257 | netfilter: Fix use-after-free in get_info() | |
| CVE-2024-50250 | fsdax: dax_unshare_iter needs to copy entire blocks | |
| CVE-2024-50251 | netfilter: nft_payload: sanitize offset and length before calling skb_checksum() | |
| CVE-2024-50248 | ntfs3: Add bounds checking to mi_enum_attr() | |
| CVE-2024-50247 | fs/ntfs3: Check if more than chunk-size bytes are written | |
| CVE-2024-50246 | fs/ntfs3: Add rough attr alloc_size check | |
| CVE-2024-50244 | fs/ntfs3: Additional check in ni_clear() | |
| CVE-2024-50245 | fs/ntfs3: Fix possible deadlock in mi_read | |
| CVE-2024-50243 | fs/ntfs3: Fix general protection fault in run_is_mapped_full | |
| CVE-2024-50242 | fs/ntfs3: Additional check in ntfs_file_release | |
| CVE-2024-50241 | NFSD: Initialize struct nfsd4_copy earlier | |
| CVE-2024-50240 | phy: qcom: qmp-usb: fix NULL-deref on runtime suspend |
Showing top 20 of 49 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-50229
No comments yet