SB20241230243 - Race condition in Linux kernel ext4
Published: December 30, 2024 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2024-56686)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the following functions of the ext4 file system code:
- fs/ext4/super.c: MODULE_ALIAS(), __ext4_read_bh(), ext4_read_bh_nowait(), ext4_read_bh(), ext4_read_bh_lock() and ext4_sb_breadahead_unmovable()
- fs/ext4/resize.c: ext4_get_bitmap()
- fs/ext4/move_extent.c: mext_page_mkuptodate()
- fs/ext4/mmp.c: read_mmp_block()
- fs/ext4/inode.c: trace_ext4_load_inode()
- fs/ext4/indirect.c: ext4_get_branch()
- fs/ext4/ialloc.c: ext4_read_inode_bitmap()
- fs/ext4/extents.c: __read_extent_tree_block()
- fs/ext4/balloc.c: ext4_read_block_bitmap_nowait() and ext4_wait_block_bitmap()
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc
- https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec
- https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128
- https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64