CVE-2023-52897

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52897

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52897.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52897

Related

UBUNTU-CVE-2023-52897

Published

2024-08-21T07:15:06Z

Modified

2024-09-18T01:00:21Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: do not warn on record without old_roots populated

[BUG] There are some reports from the mailing list that since v6.1 kernel, the WARNON() inside btrfsqgroupaccountextent() gets triggered during rescan:

WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfsqgroupaccountextents+0x1ae/0x260 [btrfs] CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7 RIP: 0010:btrfsqgroupaccountextents+0x1ae/0x260 [btrfs] Call Trace: <TASK> btrfscommittransaction+0x30c/0xb40 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] ? starttransaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] btrfsqgrouprescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] btrfsioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] ? _rseqhandlenotifyresume+0xa9/0x4a0 ? mntputnoexpire+0x4a/0x240 ? _seccompfilter+0x319/0x4d0 _x64sysioctl+0x90/0xd0 dosyscall64+0x5b/0x80 ? syscallexittousermode+0x17/0x40 ? dosyscall64+0x67/0x80 entrySYSCALL64after_hwframe+0x63/0xcd RIP: 0033:0x7fd9b790d9bf </TASK>

[CAUSE] Since commit e15e9f43c7ca ("btrfs: introduce BTRFSQGROUPRUNTIMEFLAGNO_ACCOUNTING to skip qgroup accounting"), if our qgroup is already in inconsistent state, we will no longer do the time-consuming backref walk.

This can leave some qgroup records without a valid oldroots ulist. Normally this is fine, as btrfsqgroupaccountextents() would also skip those records if we have NO_ACCOUNTING flag set.

But there is a small window, if we have NOACCOUNTING flag set, and inserted some qgrouprecord without a old_roots ulist, but then the user triggered a qgroup rescan.

During btrfsqgrouprescan(), we firstly clear NO_ACCOUNTING flag, then commit current transaction.

And since we have a qgrouprecord with oldroots = NULL, we trigger the WARNON() during btrfsqgroupaccountextents().

[FIX] Unfortunately due to the introduction of NOACCOUNTING flag, the assumption that every qgrouprecord would have its old_roots populated is no longer correct.

Fix the false alerts and drop the WARN_ON().

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}