CVE-2024-26848 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually advance the file position.

The symptoms are a soft lockup:

        watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
        ...
        RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
        ...
         ? watchdog_timer_fn+0x1a6/0x213
        ...
         ? asm_sysvec_apic_timer_interrupt+0x16/0x20
         ? afs_dir_iterate_block+0x39/0x1fd
         afs_dir_iterate+0x10a/0x148
         afs_readdir+0x30/0x4a
         iterate_dir+0x93/0xd3
         __do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

        https://bugzilla.kernel.org/show_bug.cgi?id=218496
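
The failure mode described above, as an added user-space model (not the kernel's code and not part of the original record): a reader that derives the block to parse from the saved position re-reads the same block forever when skipped entries do not advance that position. The names dir_ctx, iterate_block, iterate_dir, SLOTS_PER_BLOCK and MAX_PASSES, and the directory contents, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS_PER_BLOCK 4   /* constructed, tiny on purpose */
#define MAX_PASSES      64  /* stand-in for the soft-lockup watchdog */

struct dir_ctx { size_t pos; };  /* models the file position in dir_context */

/* Constructed directory: block 1 holds only leftover silly-rename entries. */
static const char *dir_model[][SLOTS_PER_BLOCK] = {
    { "a.txt", "b.txt", ".__afs0001", "c.txt" },
    { ".__afs0002", ".__afs0003", ".__afs0004", ".__afs0005" },
    { "d.txt", "e.txt", "f.txt", "g.txt" },
};
#define NBLOCKS (sizeof(dir_model) / sizeof(dir_model[0]))

/* Walk one block starting at ctx->pos; 'fixed' selects the patched skip path. */
static void iterate_block(struct dir_ctx *ctx, size_t blk, int fixed, int *emitted)
{
    size_t base = blk * SLOTS_PER_BLOCK;
    for (size_t slot = ctx->pos - base; slot < SLOTS_PER_BLOCK; slot++) {
        if (strncmp(dir_model[blk][slot], ".__afs", 6) == 0) {
            if (fixed)
                ctx->pos = base + slot + 1;  /* the fix: advance on skip */
            continue;                        /* entry is hidden from the caller */
        }
        (*emitted)++;
        ctx->pos = base + slot + 1;          /* advance after emitting */
    }
}

/* Returns entries emitted, or -1 if the pass budget is exhausted (endless loop). */
static int iterate_dir(int fixed)
{
    struct dir_ctx ctx = { 0 };
    int emitted = 0, passes = 0;
    while (ctx.pos < NBLOCKS * SLOTS_PER_BLOCK) {
        if (++passes > MAX_PASSES)
            return -1;
        /* The block to parse is derived from the saved position. */
        iterate_block(&ctx, ctx.pos / SLOTS_PER_BLOCK, fixed, &emitted);
    }
    return emitted;
}

int main(void)
{
    printf("skip without advancing: %d\n", iterate_dir(0));
    printf("skip with advancing:    %d\n", iterate_dir(1));
    return 0;
}
```

Block 0 parses correctly in both variants because the entry emitted after the skipped one moves the position forward; only the block made up entirely of skipped entries leaves the position unchanged.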


Severity



CVSS 4.0 Severity and Metrics:

NIST: NVD
Base Score: N/A (NVD assessment not yet provided.)


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have not published a CVSS score for this CVE at this time. NVD Analysts use publicly available information at the time of analysis to associate CVSS vector strings.

References to Advisories, Solutions, and Tools


Hyperlink Resource
https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470
https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05
https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4
https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31
https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4
https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863
https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b
https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a
https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0
https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809
https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27
https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064
https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a
https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-26848
NVD Published Date: 04/17/2024
NVD Last Modified: 04/17/2024
Source: kernel.org