CVE-2024-26773

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea patch
https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d patch
https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03 patch
https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5 patch
https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36 patch
https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1 patch
https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe patch
https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26773?
CVE-2024-26773 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26773?
To fix CVE-2024-26773, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26773 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26773 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26773?
CVE-2024-26773 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.