一、漏洞信息
漏洞编号：CVE-2024-42149
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
CVSS V2.0分值：
BaseScore：0.0 Low
Vector：CVSS：2.0/
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:fs: don t misleadingly warn during thaw operationsThe block device may have been frozen before it was claimed by afilesystem. Concurrently another process might try to mount thatfrozen block device and has temporarily claimed the block device forthat purpose causing a concurrent fs_bdev_thaw() to end up here. Themounter is already about to abort mounting because they still saw anelevanted bdev->bd_fsfreeze_count so get_bdev_super() will returnNULL in that case.For example, P1 calls dm_suspend() which calls into bdev_freeze() beforethe block device has been claimed by the filesystem. This bringsbdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() isrequired.Now P2 tries to mount that frozen block device. It claims it and checksbdev->bd_fsfreeze_count. As it s elevated it aborts mounting.In the meantime P3 called dm_resume(). P3 sees that the block device isalready claimed by a filesystem and calls into fs_bdev_thaw().P3 takes a passive reference and realizes that the filesystem isn tready yet. P3 puts itself to sleep to wait for the filesystem to becomeready.P2 now puts the last active reference to the filesystem and marks it asdying. P3 gets woken, sees that the filesystem is dying andget_bdev_super() fails.
漏洞公开时间：2024-07-30 16:15:06
漏洞创建时间：2024-07-31 07:54:42
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-42149

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:fs: don't misleadingly warn during thaw operationsThe block device may have been frozen before it was claimed by afilesystem. Concurrently another process might try to mount thatfrozen block device and has temporarily claimed the block device forthat purpose causing a concurrent fs_bdev_thaw() to end up here. Themounter is already about to abort mounting because they still saw anelevanted bdev->bd_fsfreeze_count so get_bdev_super() will returnNULL in that case.For example, P1 calls dm_suspend() which calls into bdev_freeze() beforethe block device has been claimed by the filesystem. This bringsbdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() isrequired.Now P2 tries to mount that frozen block device. It claims it and checksbdev->bd_fsfreeze_count. As it's elevated it aborts mounting.In the meantime P3 called dm_resume(). P3 sees that the block device isalready claimed by a filesystem and calls into fs_bdev_thaw().P3 takes a passive reference and realizes that the filesystem isn'tready yet. P3 puts itself to sleep to wait for the filesystem to becomeready.P2 now puts the last active reference to the filesystem and marks it asdying. P3 gets woken, sees that the filesystem is dying andget_bdev_super() fails.The Linux kernel CVE team has assigned CVE-2024-42149 to this issue.
openEuler评分：
3.9
Vector：CVSS：2.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):不受影响
2.openEuler-22.03-LTS-SP1(5.10.0):不受影响
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响
5.master(6.1.0):不受影响
6.openEuler-24.03-LTS(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.1.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否