CVE-2024-53112

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description A vulnerability has been resolved in the Linux kernel, specifically in the ocfs2 module. When the 'ioctl(OCFS2 IOC GROUP ADD, ...)' call fails for a particular inode in 'ocfs2 verify group and input()', the corresponding buffer head remains cached. A subsequent call to the same 'ioctl()' for the same inode issues a BUG in 'ocfs2 set new buffer uptodate()', trying to cache the same buffer head of that inode. The issue is fixed by uncaching the buffer head with 'ocfs2 remove from cache()' on the error path in 'ocfs2 group add()'. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.65 or later. As a temporary workaround, consider disabling the 'ocfs2 group add()' function until a patch is available. Restrict access to the vulnerable 'ocfs2' module to minimize the risk of exploitation. Avoid using the 'ioctl(OCFS2 IOC GROUP ADD, ...)' call in the affected API endpoint until the issue is resolved. At the moment, there is no other information about additional mitigation measures.