摘要:

In the Linux kernel, the following vulnerability has been resolved:btrfs: zoned: fix use-after-free due to race with dev replaceWhile loading a zone s info during creation of a block group, we can racewith a device replace operation and then trigger a use-after-free on thedevice that was just replaced (source device of the replace operation).This happens because at btrfs_load_zone_info() we extract a device fromthe chunk map into a local variable and then use the device while notunder the protection of the device replace rwsem. So if there s a devicereplace operation happening when we extract the device and that deviceis the source of the replace operation, we will trigger a use-after-freeif before we finish using the device the replace operation finishes andfrees the device.Fix this by enlarging the critical section under the protection of thedevice replace rwsem so that all uses of the device are done inside thecritical section.

安全等级: Low

公告ID: KylinSec-SA-2024-3216

发布日期: 2024年7月26日

关联CVE: CVE-2024-39496