Linux Distros のパッチ未適用の脆弱性: CVE-2024-42103

medium Nessus プラグイン ID 248544

Language:

概要

Linux/Unix ホストには、ベンダーにより修正されていないことを示す脆弱性を持つ複数のパッケージがインストールされています。

説明

Linux/Unix ホストには、ベンダーが提供するパッチが利用できない脆弱性の影響を受ける複数のパッケージがインストールされています。

- Linux カーネルでは、以下の脆弱性が解決されています: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like below. Fix it by taking fs_info->unused_bgs_lock. [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104 [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0) [177.529][T2585409] ------------[ cut here ]------------ [177.537][T2585409] kernel BUG at lib/list_debug.c:65! [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1 [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022 [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs] [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72 [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286 [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000 [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40 [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08 [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0 [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000 [177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000 [177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0 [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [177.742][T2585409] PKRU: 55555554 [177.748][T2585409] Call Trace: [177.753][T2585409] <TASK> [177.759][T2585409] ? __die_body.cold+0x19/0x27 [177.766][T2585409] ? die+0x2e/0x50 [177.772][T2585409] ? do_trap+0x1ea/0x2d0 [177.779][T2585409] ?
__list_del_entry_valid_or_report.cold+0x70/0x72 [177.788][T2585409] ? do_error_trap+0xa3/0x160 [177.795][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.805][T2585409] ? handle_invalid_op+0x2c/0x40 [177.812][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.820][T2585409] ? exc_invalid_op+0x2d/0x40 [177.827][T2585409] ? asm_exc_invalid_op+0x1a/0x20 [177.834][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.843][T2585409] btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs] There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is safe, AFAICS. Since the block group was in the unused list, the used bytes should be 0 when it was added to the unused list. Then, it checks block_group->{used,reserved,pinned} are still 0 under the block_group->lock. So, they should be still eligible for the unused list, not the reclaim list. The reason it is safe there it's because because we're holding space_info->groups_sem in write mode. That means no other task can allocate from the block group, so while we are at deleted_unused_bgs() it's not possible for other tasks to allocate and deallocate extents from the block group, so it can't be added to the unused list or the reclaim list by anyone else.
The bug can be reproduced by btrfs/166 after a few rounds. In practice this can be hit when relocation cannot find more chunk space and ends with ENOSPC. (CVE-2024-42103)

Nessus は、ベンダーによって報告されたパッケージの存在に依存していることに注意してください。

ソリューション

現時点で既知の解決策はありません。

参考資料

https://ubuntu.com/security/CVE-2024-42103

プラグインの詳細

深刻度: Medium

ID: 248544

ファイル名: unpatched_CVE_2024_42103.nasl

バージョン: 1.1

タイプ: local

エージェント: unix

ファミリー: Misc.

公開日: 2025/8/12

更新日: 2025/8/12

サポートされているセンサー: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

リスク情報

VPR

リスクファクター: Medium

スコア: 5.0

CVSS v2

リスクファクター: Medium

基本値: 5.4

現状値: 4

ベクトル: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:C

CVSS スコアのソース: CVE-2024-42103

CVSS v3

リスクファクター: Medium

基本値: 6.1

現状値: 5.3

ベクトル: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C

脆弱性情報

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-azure, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10

必要な KB アイテム: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

エクスプロイトの容易さ: No known exploits are available

脆弱性公開日: 2024/7/30

参照情報

CVE: CVE-2024-42103