CVE-2024-40969

Summary

In the Linux kernel, the following vulnerability has been resolved:

f2fs: don't set RO when shutting down f2fs

Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below.

f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread

  • bdev_freeze
  • freeze_super
  • f2fs_stop_checkpoint()
  • f2fs_handle_critical_error - sb_start_write
    • set RO - waiting
  • bdev_thaw
  • thaw_super_locked
    • return -EINVAL, if sb_rdonly()
  • f2fs_stop_discard_thread -> wait for kthread_stop(discard_thread);

Affected Software

VendorProductVersion RangeStatus
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 1036d3ea7a32cb7cee00885c73a1f2ba7fbc499aaffected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < f47ed3b284b38f235355e281f57dfa8fffcc6563affected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 3bdb7f161697e2d5123b89fe1778ef17a44858e7affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux6.6.36 <= 6.6.*unaffected
LinuxLinux6.9.7 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References