CVE-2024-53182
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53182
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53182.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-53182
- Downstream
- Published
- 2024-12-27T13:49:25Z
- Modified
- 2025-10-22T05:31:16.489893Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Revert "block, bfq: merge bfqreleaseprocessref() into bfqput_cooperator()"
This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.
The bic is associated with syncbfqq, and bfqreleaseprocessref cannot be put into bfqputcooperator.
kasan report: [ 400.347277] ================================================================== [ 400.347287] BUG: KASAN: slab-use-after-free in bicsetbfqq+0x200/0x230 [ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800 [ 400.347430] [ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32 [ 400.347450] Tainted: [E]=UNSIGNEDMODULE [ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022 [ 400.347460] Call Trace: [ 400.347464] <TASK> [ 400.347468] dumpstacklvl+0x5d/0x80 [ 400.347490] printreport+0x174/0x505 [ 400.347521] kasanreport+0xe0/0x160 [ 400.347541] bicsetbfqq+0x200/0x230 [ 400.347549] bfqbicupdatecgroup+0x419/0x740 [ 400.347560] bfqbiomerge+0x133/0x320 [ 400.347584] blkmqsubmitbio+0x1761/0x1e20 [ 400.347625] _submitbio+0x28b/0x7b0 [ 400.347664] submitbionoacctnocheck+0x6b2/0xd30 [ 400.347690] iomapreadahead+0x50c/0x680 [ 400.347731] readpages+0x17f/0x9c0 [ 400.347785] pagecacheraunbounded+0x366/0x4a0 [ 400.347795] filemapfault+0x83d/0x2340 [ 400.347819] _xfsfilemapfault+0x11a/0x7d0 [xfs] [ 400.349256] _dofault+0xf1/0x610 [ 400.349270] dofault+0x977/0x11a0 [ 400.349281] _handlemmfault+0x5d1/0x850 [ 400.349314] handlemmfault+0x1f8/0x560 [ 400.349324] douseraddrfault+0x324/0x970 [ 400.349337] excpagefault+0x76/0xf0 [ 400.349350] asmexcpagefault+0x26/0x30 [ 400.349360] RIP: 0033:0x55a480d77375 [ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80 [ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216 [ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000 [ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000 [ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80 [ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008 [ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000 [ 400.349430] </TASK> [ 400.349452] [ 400.349454] Allocated by task 5800: [ 400.349459] kasansavestack+0x30/0x50 [ 400.349469] kasansavetrack+0x14/0x30 [ 400.349475] _kasanslaballoc+0x89/0x90 [ 400.349482] kmemcacheallocnodenoprof+0xdc/0x2a0 [ 400.349492] bfqgetqueue+0x1ef/0x1100 [ 400.349502] _bfqgetbfqqhandlesplit+0x11a/0x510 [ 400.349511] bfqinsertrequests+0xf55/0x9030 [ 400.349519] blkmqflushpluglist+0x446/0x14c0 [ 400.349527] _blkflushplug+0x27c/0x4e0 [ 400.349534] blkfinishplug+0x52/0xa0 [ 400.349540] xfsbufioapply+0x739/0xc30 [xfs] [ 400.350246] _xfsbufsubmit+0x1b2/0x640 [xfs] [ 400.350967] xfsbufreadmap+0x306/0xa20 [xfs] [ 400.351672] xfstransreadbufmap+0x285/0x7d0 [xfs] [ 400.352386] xfsimaptobp+0x107/0x270 [xfs] [ 400.353077] xfsiget+0x70d/0x1eb0 [xfs] [ 400.353786] xfslookup+0x2ca/0x3a0 [xfs] [ 400.354506] xfsvnlookup+0x14e/0x1a0 [xfs] [ 400.355197] _lookupslow+0x19c/0x340 [ 400.355204] lookuponeunlocked+0xfc/0x120 [ 400.355211] ovllookupsingle+0x1b3/0xcf0 [overlay] [ 400.355255] ovllookuplayer+0x316/0x490 [overlay] [ 400.355295] ovllookup+0x844/0x1fd0 [overlay] [ 400.355351] lookuponeqstrexcl+0xef/0x150 [ 400.355357] dounlinkat+0x22a/0x620 [ 400.355366] _x64sysunlinkat+0x109/0x1e0 [ 400.355375] dosyscall64+0x82/0x160 [ 400.355384] entrySYSCALL64afterhwframe+0x76/0x7 ---truncated---
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc3b1e9e7c50e1de0f573eea3871db61dd4787deFixed7baf94232651f39f7108c23bc9548bff89bdc77b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc3b1e9e7c50e1de0f573eea3871db61dd4787deFixedcf5a60d971c7b59efb89927919404be655a9e35a
Affected versions
v6.*
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-0138f2c2",
"signature_version": "v1",
"target": {
"file": "block/bfq-cgroup.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"159385703647660962614212028393257946100",
"107655436711852402771928311504975663707",
"229127703594023751627494730995314268637",
"102631983161957995649888686376990316340"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-1e0f561e",
"signature_version": "v1",
"target": {
"function": "bfq_put_cooperator",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "224171561858923511146405622992244350859",
"length": 194.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-2a2a19d2",
"signature_version": "v1",
"target": {
"function": "bfq_split_bfqq",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "42503538685607064304014688593289607306",
"length": 359.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-2b1a6f86",
"signature_version": "v1",
"target": {
"function": "bfq_sync_bfqq_move",
"file": "block/bfq-cgroup.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "8500015078066735723428462563986848701",
"length": 486.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-3be6d464",
"signature_version": "v1",
"target": {
"file": "block/bfq-iosched.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70996988003863978022879643556898200497",
"15875478824816207098354187383214582857",
"165185524413832512439056436121373396686",
"38953600696524266593834050131465796110",
"220670530629747302537027345301838303692",
"314672498964879559371249065773547789734",
"2027936731165992582543276640450385726",
"12612093330815629132273121333030136135",
"12560707866684245825613363195538358858",
"333883501966218122870262146419079084368",
"45036639266920683529649893981858229388",
"10581066026384160841580020109887797645"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-3dbe6bc5",
"signature_version": "v1",
"target": {
"file": "block/bfq-cgroup.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"159385703647660962614212028393257946100",
"107655436711852402771928311504975663707",
"229127703594023751627494730995314268637",
"102631983161957995649888686376990316340"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-4d3eb609",
"signature_version": "v1",
"target": {
"file": "block/bfq-iosched.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70996988003863978022879643556898200497",
"15875478824816207098354187383214582857",
"165185524413832512439056436121373396686",
"38953600696524266593834050131465796110",
"220670530629747302537027345301838303692",
"314672498964879559371249065773547789734",
"2027936731165992582543276640450385726",
"12612093330815629132273121333030136135",
"12560707866684245825613363195538358858",
"333883501966218122870262146419079084368",
"45036639266920683529649893981858229388",
"10581066026384160841580020109887797645"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-8a899872",
"signature_version": "v1",
"target": {
"function": "bfq_split_bfqq",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "42503538685607064304014688593289607306",
"length": 359.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-9b185422",
"signature_version": "v1",
"target": {
"function": "bfq_exit_bfqq",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "95990126134189568595705832694723330015",
"length": 273.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf5a60d971c7b59efb89927919404be655a9e35a",
"id": "CVE-2024-53182-ace290ee",
"signature_version": "v1",
"target": {
"function": "bfq_exit_bfqq",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "95990126134189568595705832694723330015",
"length": 273.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-e61873ed",
"signature_version": "v1",
"target": {
"function": "bfq_sync_bfqq_move",
"file": "block/bfq-cgroup.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "8500015078066735723428462563986848701",
"length": 486.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7baf94232651f39f7108c23bc9548bff89bdc77b",
"id": "CVE-2024-53182-f004ec1c",
"signature_version": "v1",
"target": {
"function": "bfq_put_cooperator",
"file": "block/bfq-iosched.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "224171561858923511146405622992244350859",
"length": 194.0
}
}
]