{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57924", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-19T11:50:08.376Z", "datePublished": "2025-01-19T11:52:42.458Z", "dateUpdated": "2025-01-23T17:01:09.532Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-23T17:01:09.532Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem >encode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when ->encode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of ->encode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels < v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels < v6.6."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/notify/fdinfo.c", "fs/overlayfs/copy_up.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f47c834a9131ae64bee3c462f4e610c67b0a000f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "adcde2872f8fc399b249758ae1990dcd53b694ea", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "974e3fe0ac61de85015bbe5a4990cf4127b304b2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/notify/fdinfo.c", "fs/overlayfs/copy_up.c"], "versions": [{"version": "6.6.74", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.10", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f"}, {"url": "https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea"}, {"url": "https://git.kernel.org/stable/c/974e3fe0ac61de85015bbe5a4990cf4127b304b2"}], "title": "fs: relax assertions on failure to encode file handles", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem >encode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when ->encode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of ->encode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels < v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels < v6.6."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: relajar las aserciones en caso de fallo en la codificaci\u00f3n de identificadores de archivos La codificaci\u00f3n de identificadores de archivos normalmente se realiza mediante un m\u00e9todo &gt;encode_fh() del sistema de archivos que puede fallar por varias razones. Los usuarios heredados de exportfs_encode_fh(), es decir, nfsd y la llamada al sistema name_to_handle_at(2) est\u00e1n preparados para hacer frente a la posibilidad de un fallo en la codificaci\u00f3n de un identificador de archivo. Hay algunos otros usuarios de exportfs_encode_{fh,fid}() que actualmente tienen una aserci\u00f3n WARN_ON() cuando -&gt;encode_fh() falla. Relajen esas aserciones porque son incorrectas. El segundo informe de error vinculado indica el commit 16aac5ad1fa9 (\"ovl: compatibilidad con la codificaci\u00f3n de identificadores de archivos no decodificables\") en v6.6 como el commit regresiva, pero esto no es exacto. El commit mencionado anteriormente solo aumenta las posibilidades de la aserci\u00f3n y permite activar la aserci\u00f3n con el reproductor usando overlayfs, inotify y drop_caches. Activar esta aserci\u00f3n siempre fue posible con otros sistemas de archivos y otras razones de fallas de -&gt;encode_fh() y, m\u00e1s particularmente, tambi\u00e9n fue posible con el mismo reproductor exacto usando overlayfs que est\u00e1 montado con las opciones index=on,nfs_export=on tambi\u00e9n en kernels &lt; v6.6. Por lo tanto, no estoy listando el commit mencionado anteriormente como un commit de correcciones. Sugerencia de retroportaci\u00f3n: este parche tendr\u00e1 un conflicto trivial que se aplica a v6.6.y, y otros conflictos triviales que se aplican a kernels estables &lt; v6.6."}], "id": "CVE-2024-57924", "lastModified": "2025-01-23T17:15:21.070", "metrics": {}, "published": "2025-01-19T12:15:26.530", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/974e3fe0ac61de85015bbe5a4990cf4127b304b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: fs: relax assertions on failure to encode file handles", "id": "2338849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338849"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-617", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs: relax assertions on failure to encode file handles\nEncoding file handles is usually performed by a filesystem >encode_fh()\nmethod that may fail for various reasons.\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when ->encode_fh() fails.\nRelax those assertions because they are wrong.\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\nTriggering this assertion was always possible with other filesystems and\nother reasons of ->encode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels < v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels < v6.6."], "name": "CVE-2024-57924", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57924\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57924\nhttps://lore.kernel.org/linux-cve-announce/2025011943-CVE-2024-57924-954a@gregkh/T"], "threat_severity": "Moderate"}