5.5
MEDIUM
CVE-2024-42077
Linux OCFS2 Transaction Credit Insufficiency Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12 do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba

INFO

Published Date :

July 29, 2024, 4:15 p.m.

Last Modified :

Nov. 21, 2024, 9:33 a.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2024-42077 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-42077.

URL Resource
https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a Patch
https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6 Patch
https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4 Patch
https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687 Patch
https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36 Patch
https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111 Patch
https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a Patch
https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6 Patch
https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4 Patch
https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687 Patch
https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36 Patch
https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-42077 vulnerability anywhere in the article.

  • tripwire.com
VERT Threat Alert: August 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more

Published Date: Aug 13, 2024 (8 months, 4 weeks ago)
CVE-2024-38222 CVE-2024-38163 CVE-2024-38223 CVE-2024-38215 CVE-2024-38214 CVE-2024-38213 CVE-2024-38211 CVE-2024-38201 CVE-2024-38199 CVE-2024-38198 ...+176 more CVE

The following table lists the changes that have been made to the CVE-2024-42077 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a
    Added Reference https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6
    Added Reference https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4
    Added Reference https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687
    Added Reference https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36
    Added Reference https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111
  • Initial Analysis by [email protected]

    Jul. 30, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a No Types Assigned https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a Patch
    Changed Reference Type https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6 No Types Assigned https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6 Patch
    Changed Reference Type https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4 No Types Assigned https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687 No Types Assigned https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687 Patch
    Changed Reference Type https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36 No Types Assigned https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36 Patch
    Changed Reference Type https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111 No Types Assigned https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111 Patch
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.6 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.7 up to (excluding) 5.10.221 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.162 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.97 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.37 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.9.8
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 29, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12 do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba
    Added Reference kernel.org https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-42077 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-42077 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: May. 12, 2025 12:49