GHSA-r7rx-q42q-vq8v

Опубликовано: 26 авг. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double inode unlock for direct IO sync writes

If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip inode logging or we get an error starting a transaction or an error when flushing delalloc, we end up unlocking the inode when we shouldn't under the 'out_release_extents' label, and then unlock it again at btrfs_direct_write().

Fix that by checking if we have to skip inode unlocking under that label.

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double inode unlock for direct IO sync writes

Fix that by checking if we have to skip inode unlocking under that label.

Ссылки

5.5 Medium

CVSS3

CVE ID

CVE-2024-43885

Дефекты

CWE-667

Связанные уязвимости

CVE-2024-43885

ubuntu

10 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-43885

CVSS3: 5.5

redhat

10 месяцев назад

A flaw in the Linux kernel’s btrfs filesystem was identified during direct I/O synchronous writes where the inode could be incorrectly unlocked twice. This issue arose in the btrfs_sync_file() function when certain conditions, such as skipping inode logging or encountering errors while starting a transaction or flushing delayed allocations, led to premature inode unlocking at the out_release_extents label.