CVE-2023-53526
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
jbd2: check 'jh->b_transaction' before removing it from checkpoint
Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh, commit_transaction) // Put jh into trans1->t_checkpoint_list journal->j_checkpoint_transactions = commit_transaction // Put trans1 into journal->j_checkpoint_transactions
Step 2: do_get_write_access test_clear_buffer_dirty(bh) // clear buffer dirty,set jbd dirty __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2
Step 3: drop_cache journal_shrink_one_cp_list jbd2_journal_try_remove_checkpoint if (!trylock_buffer(bh)) // lock bh, true if (buffer_dirty(bh)) // buffer is not dirty __jbd2_journal_remove_checkpoint(jh) // remove jh from trans1->t_checkpoint_list
Step 4: jbd2_log_do_checkpoint trans1 = journal->j_checkpoint_transactions // jh is not in trans1->t_checkpoint_list jbd2_cleanup_journal_tail(journal) // trans1 is done
Step 5: Power cut, trans2 is not committed, jh is lost in next mounting.
Fix it by checking 'jh->b_transaction' before remove it from checkpoint.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b832174b7f89df3ebab02f5b485d00127a0e1a6e < ef5fea70e5915afd64182d155e72bfb4f275e1fc | affected |
| Linux | Linux | e5c768d809a85e9efd0274b2efe69d4970cc0014 < dbafe636db415299e54d9dfefc1003bda9e71c9d | affected |
| Linux | Linux | 46f881b5b1758dc4a35fba4a643c10717d0cf427 < 2298f2589903a8bc03061b54b31fd97985ab6529 | affected |
| Linux | Linux | 46f881b5b1758dc4a35fba4a643c10717d0cf427 < 590a809ff743e7bd890ba5fb36bc38e20a36de53 | affected |
| Linux | Linux | 019b59aeb2af6b47d5c8e69c5dc1d731c8df0354 | affected |
| Linux | Linux | 5.15.129 < 5.15.132 | affected |
| Linux | Linux | 6.1.50 < 6.1.54 | affected |
| Linux | Linux | 6.4.13 < 6.5 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 5.15.132 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.54 <= 6.1.* | unaffected |
| Linux | Linux | 6.5.4 <= 6.5.* | unaffected |
| Linux | Linux | 6.6 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/ef5fea70e5915afd64182d155e72bfb4f275e1fc
- https://git.kernel.org/stable/c/dbafe636db415299e54d9dfefc1003bda9e71c9d
- https://git.kernel.org/stable/c/2298f2589903a8bc03061b54b31fd97985ab6529
- https://git.kernel.org/stable/c/590a809ff743e7bd890ba5fb36bc38e20a36de53
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.