🛡️ UBUNTU-CVE-2024-45003
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes (See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this: 1. File A has inode i_reg and an ea inode i_ea 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea 3. Then, following three processes running like this: PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state) Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following: 1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr. 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa 3. Then, following three processes running like this: PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state) Fix the possible deadlock by using new inode state flag I_LRU_ISOLATING to pin the inode in memory while inode_lru_isolate( ---truncated---

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2024-09-04
Updated 2026-06-15
Modified 2026-06-08
Fix URL N/A

Affected Packages

Software From version Fixed in
linux 6.8.0-50.51
linux-allwinner-5.19
linux-aws 6.8.0-1020.22
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.15 5.15.0-1072.78~20.04.1
linux-aws-5.19
linux-aws-5.3
linux-aws-5.4 5.4.0-1135.145~18.04.1
linux-aws-5.8
linux-aws-6.2
linux-aws-6.5
linux-aws-6.8 6.8.0-1020.22~22.04.1
linux-aws-fips 5.15.0-1072.78+fips1
linux-aws-hwe
linux-azure 6.8.0-1020.23
linux-azure-4.15
linux-azure-5.11
linux-azure-5.13
linux-azure-5.15 5.15.0-1078.87~20.04.1
linux-azure-5.19
linux-azure-5.3
linux-azure-5.4 5.4.0-1140.147~18.04.1
linux-azure-5.8
linux-azure-6.2
linux-azure-6.5
linux-azure-6.8 6.8.0-1020.23~22.04.1
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-azure-fips 5.15.0-1075.84+fips1
linux-bluefield
linux-fips 6.8.0-78.78+fips1
linux-gcp 6.8.0-1019.21
linux-gcp-4.15
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.15 5.15.0-1071.79~20.04.1
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.4 5.4.0-1139.148~18.04.1
linux-gcp-5.8
linux-gcp-6.2
linux-gcp-6.5
linux-gcp-6.8 6.8.0-1019.21~22.04.1
linux-gcp-fips 5.15.0-1071.79+fips1
linux-gke 6.8.0-1015.19
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop 6.8.0-1002.4
linux-gkeop-5.15 5.15.0-1055.62~20.04.1
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.15 5.15.0-125.135~20.04.1
linux-hwe-5.19
linux-hwe-5.4 5.4.0-200.220~18.04.1
linux-hwe-5.8
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-6.8 6.8.0-50.51~22.04.1
linux-hwe-edge
linux-ibm 6.8.0-1017.17
linux-ibm-5.15 5.15.0-1065.68~20.04.1
linux-ibm-5.4 5.4.0-1082.87~18.04.1
linux-ibm-6.8 6.8.0-1017.17~22.04.1
linux-intel-5.13
linux-intel-iot-realtime 5.15.0-1066.68
linux-intel-iotg 5.15.0-1067.73
linux-intel-iotg-5.15 5.15.0-1067.73~20.04.1
linux-iot 5.4.0-1044.45
linux-kvm 5.15.0-1069.74
linux-lowlatency 6.8.0-50.51.1
linux-lowlatency-hwe-5.15 5.15.0-125.135~20.04.1
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-lowlatency-hwe-6.8 6.8.0-50.51.1~22.04.1
linux-nvidia 6.8.0-1019.21
linux-nvidia-6.2
linux-nvidia-6.5
linux-nvidia-6.8 6.8.0-1019.21~22.04.1
linux-nvidia-lowlatency 6.8.0-1019.21.1
linux-nvidia-tegra 5.15.0-1032.32
linux-nvidia-tegra-5.15 5.15.0-1032.32~20.04.1
linux-nvidia-tegra-igx 5.15.0-1020.20
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.5
linux-oem-6.8 6.8.0-1018.18
linux-oracle 6.8.0-1017.18
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.15 5.15.0-1070.76~20.04.1
linux-oracle-5.3
linux-oracle-5.4 5.4.0-1134.143~18.04.1
linux-oracle-5.8
linux-oracle-6.5
linux-oracle-6.8 6.8.0-1017.18~22.04.1
linux-raspi 6.8.0-1016.18
linux-raspi-5.4 5.4.0-1119.131~18.04.1
linux-raspi-realtime 6.8.0-2015.16
linux-raspi2
linux-realtime 6.8.1-1013.14
linux-realtime-6.8 6.8.1-1013.14~22.04.1
linux-riscv 6.8.0-50.51.1
linux-riscv-5.11
linux-riscv-5.15 5.15.0-1068.72~20.04.1
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.5
linux-riscv-6.8 6.8.0-50.51.1~22.04.1
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5
linux-xilinx 6.8.0-1017.18
linux-xilinx-zynqmp 5.15.0-1038.42

References

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.