SB2024062086 - Improper locking in Linux kernel nilfs2

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-38582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830
• https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b
• https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb
• https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd
• https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0
• https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a
• https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b
• https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f
• https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12