CVE-2024-56780 Affecting kernel-debug-devel package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL6-KERNELDEBUGDEVEL-8617049
- published10 Jan 2025
- disclosed8 Jan 2025
Introduced: 8 Jan 2025
NewCVE-2024-56780 (opens in a new tab)How to fix?
There is no fixed version for RHEL:6 kernel-debug-devel.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debug-devel package and not the kernel-debug-devel package as distributed by RHEL.
See How to fix? for RHEL:6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
quota: flush quota_release_work upon quota writeback
One of the paths quota writeback is called from is:
freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots()
Since we currently don't always flush the quota_release_work queue in this path, we can end up with the following race:
- dquot are added to releasing_dquots list during regular operations.
- FS Freeze starts, however, this does not flush the quota_release_work queue.
- Freeze completes.
- Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state:
ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0
Which is the following line:
WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);
Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores.
To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze.
References
- https://access.redhat.com/security/cve/CVE-2024-56780
- https://git.kernel.org/stable/c/3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb
- https://git.kernel.org/stable/c/6f3821acd7c3143145999248087de5fb4b48cf26
- https://git.kernel.org/stable/c/8ea87e34792258825d290f4dc5216276e91cb224
- https://git.kernel.org/stable/c/a5abba5e0e586e258ded3e798fe5f69c66fec198
- https://git.kernel.org/stable/c/ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb
- https://git.kernel.org/stable/c/ac6f420291b3fee1113f21d612fa88b628afab5b
- https://git.kernel.org/stable/c/bcacb52a985f1b6d280f698a470b873dfe52728a