CVE-2024-26658

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.5

Description A vulnerability in the Linux kernel has been identified, which can cause a deadlock when using bcachefs with compression. The issue arises when snapshotting a mongodb data volume, resulting in a lockdep warning. The vulnerability is related to a possible circular locking dependency detected in the kernel.

Technical details about exploitation include:

API Endpoints: None explicitly mentioned.
Vulnerable Parameters or Variables: sb writers#10, &type->s umount key#48, and &c->snapshot create lock are involved in the deadlock scenario.
Function Names: filename create(), bch2 fs file ioctl(), down read(), lock acquire(), and mnt want write() are mentioned as part of the call stack leading to the deadlock.

Recommendations To resolve the issue for Linux kernel versions prior to 6.7.5, update the kernel to version 6.7.5 or later. As a temporary workaround, consider disabling the snapshot feature for bcachefs until the update can be applied.

Exploit

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

BDU:2024-11618

CVE-2024-26658

Affected Products

Astra Linux

Linux Kernel

CVE-2024-26658

Weakness Enumeration

Related Identifiers

Affected Products

References · 24