Skip to content

In the Linux kernel, the following vulnerability has been...

Unreviewed Published Apr 17, 2024 to the GitHub Advisory Database • Updated Jun 26, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only ".__afsXXXX" files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context. This leads to
afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.

The symptoms are a soft lookup:

    watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
    ...
    RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
    ...
     ? watchdog_timer_fn+0x1a6/0x213
    ...
     ? asm_sysvec_apic_timer_interrupt+0x16/0x20
     ? afs_dir_iterate_block+0x39/0x1fd
     afs_dir_iterate+0x10a/0x148
     afs_readdir+0x30/0x4a
     iterate_dir+0x93/0xd3
     __do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

    https://bugzilla.kernel.org/show_bug.cgi?id=218496

References

Published by the National Vulnerability Database Apr 17, 2024
Published to the GitHub Advisory Database Apr 17, 2024
Last updated Jun 26, 2024

Severity

Unknown

Weaknesses

No CWEs

CVE ID

CVE-2024-26848

GHSA ID

GHSA-3w4p-cp93-7566

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.