A new vulnerability in the Linux kernel has been resolved. Assigned the identifier CVE-2024-53176, it is a race condition in the kernel's Server Message Block (SMB) client (cifs). To give a complete picture of the issue, this article covers the technical details, the original references, and the exploit details. The fix ensures that every cached directory instance drops its dentry during unmounting.
Description
The unmounting path in the Linux kernel's SMB (cifs) implementation contains a race condition. It can leave cached-directory dentries undropped, which triggers a kernel BUG such as:
BUG: Dentry ffff88814f37e358{i=100000000008,n=/} still in use (2) [unmount of cifs cifs]
VFS: Busy inodes after unmount of cifs (cifs)
------------[ cut here ]------------
kernel BUG at fs/super.c:661
This happens when a cfid (a cached directory instance) is being cleaned up after it has already been removed from the cfids->entries list, for example when the server sends a lease break, when a server reconnection triggers invalidate_all_cached_dirs(), or when the laundromat thread decides to expire an old cfid.
Resolution
The fix drops the dentries from work queued on a newly added cfid_put_wq workqueue, and close_all_cached_dirs() now flushes that workqueue after it has dropped all the dentries it knows about, so no deferred drop is left outstanding when the superblock is torn down. The final cleanup of a cfid is performed by work queued on the serverclose_wq workqueue. Both pieces of queued work are expected to run holding a cfid reference and a tcon reference, so that neither object can be freed while the work is in progress.
Proper locking has also been added to close_all_cached_dirs(), and locking now protects the freeing of cfid->dentry.
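As an added illustration (not the kernel's code and not taken from the CVE's references), the following C program models the ordering the fix enforces: a cached directory that has already left the entries list still pins the root dentry until its deferred dput runs, so unmount must flush that work before the superblock check. The cfid, workqueue and reference-count handling here are simplified assumptions of this model, not the real cifs structures.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model of the CVE-2024-53176 fix (not kernel code): a cached directory
 * (cfid) pins its dentry; cleanup unlinks the cfid from the entries list and
 * defers the dput to a workqueue; unmount must flush that queue before
 * fs/super.c checks the root dentry. Names and refcounts are simplified. */
struct dentry { int refcount; };
struct cfid { struct dentry *dentry; int refcount; bool on_list; };

static void dput(struct dentry *d) { d->refcount--; }

/* Stand-in for the cfid_put_wq workqueue: a single deferred dput slot. */
static struct cfid *pending_put;
static void cfid_release_work(struct cfid *c)
{
    if (c->dentry) { dput(c->dentry); c->dentry = NULL; }
}
static void flush_workqueue(void)
{
    if (pending_put) cfid_release_work(pending_put);
    pending_put = NULL;
}
/* Last cfid reference gone: the dentry drop is queued, not done inline. */
static void cfid_put(struct cfid *c)
{
    if (--c->refcount == 0) pending_put = c;
}
/* Lease break, reconnect or laundromat: unlink from entries, drop list's ref. */
static void invalidate_cached_dir(struct cfid *c) { c->on_list = false; cfid_put(c); }
/* close_all_cached_dirs(): drop the dentry of every cfid still on the list. */
static void close_all_cached_dirs(struct cfid *c)
{
    if (c->on_list && c->dentry) { dput(c->dentry); c->dentry = NULL; }
}

/* Root dentry refcount at superblock teardown: 1 is clean, 2 reproduces the
 * "Dentry ... still in use (2)" BUG. flush_fix selects the patched behaviour. */
static int simulate_unmount(bool flush_fix)
{
    struct dentry root = { .refcount = 1 };   /* held by the mount itself */
    struct cfid c = { .dentry = &root, .refcount = 1, .on_list = true };
    root.refcount++;                          /* the cfid pins the root dentry */
    invalidate_cached_dir(&c);                /* cleanup races with the unmount */
    close_all_cached_dirs(&c);                /* already off the list: nothing to drop */
    if (flush_fix) flush_workqueue();         /* the fix: run the queued dput first */
    pending_put = NULL;                       /* unfixed: deferred dput ran too late */
    return root.refcount;
}
```

Calling simulate_unmount(false) returns 2, the "still in use (2)" state from the BUG above, while simulate_unmount(true) returns 1, the clean teardown.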
Original References
1. Linux Kernel Mailing List (LKML) announcement
2. CVE-2024-53176 on CVE Details
3. Related Linux Kernel Commit on GitHub
Exploit Details
No cases of exploitation have been reported so far, but understanding how the bug works helps keep systems protected. The race condition can leave dentries undropped, which triggers kernel BUGs. Attackers could exploit these bugs to cause system crashes, gain unauthorized access, or carry out other malicious activities. To safeguard against such attacks, apply the security patches and updates published by the Linux kernel developers.
Conclusion
CVE-2024-53176 is a critical vulnerability in the Linux kernel that could have serious implications if left unaddressed. With the fix in place, systems can be protected against exploitation of this vulnerability. Make sure your Linux kernel is updated with the latest security patches to safeguard against this and other vulnerabilities.
Timeline
Published on: 12/27/2024 14:15:24 UTC
Last modified on: 01/20/2025 06:20:38 UTC