CVE-2024-26848 Affecting kernel-source-azure package, versions <6.4.0-150600.8.5.4


Severity

Recommended
0.0
low
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (19th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-KERNELSOURCEAZURE-7346312
  • published22 Jun 2024
  • disclosed21 Jun 2024

Introduced: 21 Jun 2024

CVE-2024-26848  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-source-azure to version 6.4.0-150600.8.5.4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-source-azure package and not the kernel-source-azure package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually advance the file position.

The symptoms are a soft lookup:

    watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
    ...
    RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
    ...
     ? watchdog_timer_fn+0x1a6/0x213
    ...
     ? asm_sysvec_apic_timer_interrupt+0x16/0x20
     ? afs_dir_iterate_block+0x39/0x1fd
     afs_dir_iterate+0x10a/0x148
     afs_readdir+0x30/0x4a
     iterate_dir+0x93/0xd3
     __do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

    https://bugzilla.kernel.org/show_bug.cgi?id=218496

CVSS Scores

version 3.1