CVE-2024-47690 Affecting kernel-uek-modules package, versions <0:5.15.0-303.171.5.2.el9uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE9-KERNELUEKMODULES-8530924
- published19 Dec 2024
- disclosed21 Oct 2024
Introduced: 21 Oct 2024
CVE-2024-47690 (opens in a new tab)How to fix?
Upgrade Oracle:9 kernel-uek-modules to version 0:5.15.0-303.171.5.2.el9uek or higher.
This issue was patched in ELSA-2024-12887.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-modules package and not the kernel-uek-modules package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
f2fs: get rid of online repaire on corrupted directory
syzbot reports a f2fs bug as below:
kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896
Online repaire on corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount, it may leave dirty inode after filesystem becomes readonly, however, checkpoint() will skips flushing dirty inode in a state of readonly mode, result in above panic.
Let's get rid of online repaire in f2fs_lookup(), and leave the work to fsck.f2fs.
References
- https://linux.oracle.com/cve/CVE-2024-47690.html
- https://linux.oracle.com/errata/ELSA-2024-12887.html
- https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4
- https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf
- https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32
- https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d
- https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af
- https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d