CVE-2024-42315

exfat: fix potential deadlock on __exfat_get_dentry_set

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb
https://git.kernel.org/stable/c/c052f775ee6ccacd3c97e4cf41a2a657e63d4259
https://git.kernel.org/stable/c/cd1c7858641384191ff7033fb1fc65dfcd559c6f
https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b patch
https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62 patch
https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9 patch

Frequently Asked Questions

What is the severity of CVE-2024-42315?
CVE-2024-42315 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42315?
To fix CVE-2024-42315, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42315 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42315 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42315?
CVE-2024-42315 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.