CVE-2024-53130

一、漏洞信息
漏洞编号：CVE-2024-53130
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix null-ptr-deref in block_dirty_buffer tracepointWhen using the block:block_dirty_buffer tracepoint, mark_buffer_dirty()may cause a NULL pointer dereference, or a general protection fault whenKASAN is enabled.This happens because, since the tracepoint was added inmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_devregardless of whether the buffer head has a pointer to a block_devicestructure.In the current implementation, nilfs_grab_buffer(), which grabs a bufferto read (or create) a block of metadata, including b-tree node blocks,does not set the block device, but instead does so only if the buffer isnot in the uptodate state for each of its caller block readingfunctions. However, if the uptodate flag is set on a folio/page, and thebuffer heads are detached from it by try_to_free_buffers(), and new bufferheads are then attached by create_empty_buffers(), the uptodate flag maybe restored to each buffer without the block device being set tobh->b_bdev, and mark_buffer_dirty() may be called later in that state,resulting in the bug mentioned above.Fix this issue by making nilfs_grab_buffer() always set the block deviceof the super block structure to the buffer head, regardless of the stateof the buffer s uptodate flag.
漏洞公开时间：2024-12-04 23:15:12
漏洞创建时间：2024-12-04 23:36:08
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-53130

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-53130	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-53130.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-53130	https://bugzilla.suse.com/show_bug.cgi?id=1234219
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2330343	https://bugzilla.suse.com/show_bug.cgi?id=1234219
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2024120450-CVE-2024-53130-5621@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2330343
debian		https://security-tracker.debian.org/tracker/CVE-2024-53130
mageia		http://advisories.mageia.org/MGASA-2024-0392.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a		nvd
		https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a		nvd
		https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95		nvd
		https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba		nvd
		https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1		nvd
linux_kernel	6.1.119	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86b19031dbc7Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5305cb830834	linuxkernelcves
linux_kernel	6.6.63	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b0e476574004Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5305cb830834	linuxkernelcves
linux_kernel	6.11.10	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ffc440a76a0fIssue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5305cb830834	linuxkernelcves
linux_kernel	6.12	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2026559a6c4cPlease	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5305cb830834	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix null-ptr-deref in block_dirty_buffer tracepointWhen using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty()may cause a NULL pointer dereference, or a general protection fault whenKASAN is enabled.This happens because, since the tracepoint was added inmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_devregardless of whether the buffer head has a pointer to a block_devicestructure.In the current implementation, nilfs_grab_buffer(), which grabs a bufferto read (or create) a block of metadata, including b-tree node blocks,does not set the block device, but instead does so only if the buffer isnot in the "uptodate" state for each of its caller block readingfunctions. However, if the uptodate flag is set on a folio/page, and thebuffer heads are detached from it by try_to_free_buffers(), and new bufferheads are then attached by create_empty_buffers(), the uptodate flag maybe restored to each buffer without the block device being set tobh->b_bdev, and mark_buffer_dirty() may be called later in that state,resulting in the bug mentioned above.Fix this issue by making nilfs_grab_buffer() always set the block deviceof the super block structure to the buffer head, regardless of the stateof the buffer's uptodate flag.The Linux kernel CVE team has assigned CVE-2024-53130 to this issue.
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP1(5.10.0):受影响
3.openEuler-22.03-LTS-SP3(5.10.0):受影响
4.openEuler-22.03-LTS-SP4(5.10.0):受影响
5.openEuler-24.03-LTS(6.6.0):受影响
6.openEuler-24.03-LTS-SP1(6.6.0):受影响
7.master(6.6.0):不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.6.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-22.03-LTS-SP1(5.10.0):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):正常修复
3.openEuler-22.03-LTS-SP4(5.10.0):正常修复
4.openEuler-24.03-LTS(6.6.0):正常修复
5.openEuler-24.03-LTS-SP1(6.6.0):正常修复
6.openEuler-20.03-LTS-SP4(4.19.90):暂不修复-暂无解决方案或补丁
7.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-2537

src-openEuler/kernel

内容风险标识

评论 (16)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-53130

评论 (16)

搜索帮助

src-openEuler/kernel