CVE-2024-50191 Affecting kernel-cross-headers package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELCROSSHEADERS-8404675
- published 26 Nov 2024
- disclosed 8 Nov 2024
How to fix?
There is no fixed version for RHEL:8 kernel-cross-headers.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers package and not the kernel-cross-headers package as distributed by RHEL.
See How to fix? for RHEL:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't set SB_RDONLY after filesystem errors
When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem modifications. We knew this misses proper locking (sb->s_umount) and does not go through proper filesystem remount procedure but it has been the way this worked since early ext2 days and it was good enough for catastrophic situation damage mitigation. Recently, syzbot has found a way (see link) to trigger warnings in filesystem freezing because the code got confused by SB_RDONLY changing under its hands. Since these days we set EXT4_FLAGS_SHUTDOWN on the superblock which is enough to stop all filesystem modifications, modifying SB_RDONLY shouldn't be needed. So stop doing that.
References
- https://access.redhat.com/security/cve/CVE-2024-50191
- https://git.kernel.org/stable/c/4061e07f040a091f694f461b86a26cf95ae66439
- https://git.kernel.org/stable/c/58c0648e4c773f5b54f0cb63bc8c7c6bf52719a9
- https://git.kernel.org/stable/c/d3476f3dad4ad68ae5f6b008ea6591d1520da5d8
- https://git.kernel.org/stable/c/ee77c388469116565e009eaa704a60bc78489e09
- https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d