CVE-2024-56586

一、漏洞信息
 漏洞编号：[CVE-2024-56586](https://nvd.nist.gov/vuln/detail/CVE-2024-56586)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：0.0 None
  Vector：CVSS：3.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.creating a large files during checkpoint disable until it runs out ofspace and then delete it, then remount to enable checkpoint again, andthen unmount the filesystem triggers the f2fs_bug_on as below:------------[ cut here ]------------kernel BUG at fs/f2fs/inode.c:896!CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTIRIP: 0010:f2fs_evict_inode+0x58c/0x610Call Trace: __die_body+0x15/0x60 die+0x33/0x50 do_trap+0x10a/0x120 f2fs_evict_inode+0x58c/0x610 do_error_trap+0x60/0x80 f2fs_evict_inode+0x58c/0x610 exc_invalid_op+0x53/0x60 f2fs_evict_inode+0x58c/0x610 asm_exc_invalid_op+0x16/0x20 f2fs_evict_inode+0x58c/0x610 evict+0x101/0x260 dispose_list+0x30/0x50 evict_inodes+0x140/0x190 generic_shutdown_super+0x2f/0x150 kill_block_super+0x11/0x40 kill_f2fs_super+0x7d/0x140 deactivate_locked_super+0x2a/0x70 cleanup_mnt+0xb3/0x140 task_work_run+0x61/0x90The root cause is: creating large files during disable checkpointperiod results in not enough free segments, so when writing back rootinode will failed in f2fs_enable_checkpoint. When umount the filesystem after enabling checkpoint, the root inode is dirty inf2fs_evict_inode function, which triggers BUG_ON. The steps toreproduce are as follows:dd if=/dev/zero of=f2fs.img bs=1M count=55mount f2fs.img f2fs_dir -o checkpoint=disable:10%dd if=/dev/zero of=big bs=1M count=50syncrm bigmount -o remount,checkpoint=enable f2fs_dirumount f2fs_dirLet s redirty inode when there is not free segments during checkpointis disable.
 漏洞公开时间：2024-12-27 23:15:17
 漏洞创建时间：2024-12-28 00:03:43
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-56586
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/9669b28f81e0ec6305af7773846fbe2cef1e7d61 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/9e28513fd2858911dcf47b84160a8824587536b6 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/dff561e4060d28edc9a2960d4a87f3c945a96aa3 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-56586 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-56586 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/9669b28f81e0ec6305af7773846fbe2cef1e7d61 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/9e28513fd2858911dcf47b84160a8824587536b6 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/dff561e4060d28edc9a2960d4a87f3c945a96aa3 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/stable/c/ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-56586.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2334489 | https://bugzilla.suse.com/show_bug.cgi?id=1235126 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2024-56586 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.creating a large files during checkpoint disable until it runs out ofspace and then delete it, then remount to enable checkpoint again, andthen unmount the filesystem triggers the f2fs_bug_on as below:------------[ cut here ]------------kernel BUG at fs/f2fs/inode.c:896!CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTIRIP: 0010:f2fs_evict_inode+0x58c/0x610Call Trace: __die_body+0x15/0x60 die+0x33/0x50 do_trap+0x10a/0x120 f2fs_evict_inode+0x58c/0x610 do_error_trap+0x60/0x80 f2fs_evict_inode+0x58c/0x610 exc_invalid_op+0x53/0x60 f2fs_evict_inode+0x58c/0x610 asm_exc_invalid_op+0x16/0x20 f2fs_evict_inode+0x58c/0x610 evict+0x101/0x260 dispose_list+0x30/0x50 evict_inodes+0x140/0x190 generic_shutdown_super+0x2f/0x150 kill_block_super+0x11/0x40 kill_f2fs_super+0x7d/0x140 deactivate_locked_super+0x2a/0x70 cleanup_mnt+0xb3/0x140 task_work_run+0x61/0x90The root cause is: creating large files during disable checkpointperiod results in not enough free segments, so when writing back rootinode will failed in f2fs_enable_checkpoint. When umount the filesystem after enabling checkpoint, the root inode is dirty inf2fs_evict_inode function, which triggers BUG_ON. The steps toreproduce are as follows:dd if=/dev/zero of=f2fs.img bs=1M count=55mount f2fs.img f2fs_dir -o checkpoint=disable:10%dd if=/dev/zero of=big bs=1M count=50syncrm bigmount -o remount,checkpoint=enable f2fs_dirumount f2fs_dirLet&#39;s redirty inode when there is not free segments during checkpointis disable.The Linux kernel CVE team has assigned CVE-2024-56586 to this issue.
 openEuler评分：
  5.5
 Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-22.03-LTS-SP1(5.10.0):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.openEuler-24.03-LTS-SP1(6.6.0):受影响
6.openEuler-20.03-LTS-SP4(4.19.90):不受影响
7.master:不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master:否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
  1.openEuler-22.03-LTS-SP1(5.10.0):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):正常修复
3.openEuler-22.03-LTS-SP4(5.10.0):正常修复
4.openEuler-24.03-LTS(6.6.0):正常修复
5.openEuler-24.03-LTS-SP1(6.6.0):正常修复
6.master:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
8.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1079

src-openEuler/kernel

内容风险标识

评论 (9)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-56586

评论 (9)

搜索帮助

src-openEuler/kernel