CVE-2024-47726
Published: October 23, 2024Last modified: October 23, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.130-r0) |
| Stream | linux-lts | Fixed (6.6.70-r0) |
References
- https://git.kernel.org/stable/c/3aa5254d80969cb576601fb9fec7a188cc8dc169
- https://git.kernel.org/stable/c/7be13b73409b553d9d9a6cbb042b4d19e2631cc7
- https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d
- https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f
- https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164e
- https://git.kernel.org/stable/c/f81302decd64245bb1bd154ecae0f65a9ee21f04