CVE-2024-57924

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs: relax assertions on failure to encode file handles

Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons.

The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle.

There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong.

The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate.

The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches.

Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit.

Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbe77196b809cdce8603a5aadd5e3cfabd3cbef96 < 73697928c806fe4689939722184a86fc1c1957b4affected
LinuxLinuxbe77196b809cdce8603a5aadd5e3cfabd3cbef96 < f47c834a9131ae64bee3c462f4e610c67b0a000faffected
LinuxLinuxbe77196b809cdce8603a5aadd5e3cfabd3cbef96 < adcde2872f8fc399b249758ae1990dcd53b694eaaffected
LinuxLinuxbe77196b809cdce8603a5aadd5e3cfabd3cbef96 < 974e3fe0ac61de85015bbe5a4990cf4127b304b2affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux6.1.151 <= 6.1.*unaffected
LinuxLinux6.6.74 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References