CVE-2024-46734Race Condition in Linux

CWE-362Race Condition5 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 99.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we can end up either: 1) Attempt a fsync without holding the inode's lock, triggering an assertion failures when assertions are enabled; 2) Do an invalid memory access from the fsync task because the fil

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel5.15.1655.15.167+4
Debianlinux/linux_kernel< 6.1.112-1+2
CVEListV5linux/linux4e17707035a65f6e5b2a4d987a308cf8ed8c5ad1d116a0b0e02f395cedfb8c725bd67480aa7c428c+8
debiandebian/linux< linux 6.1.112-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.112-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2024-46734: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 22024-09-18
GHSA
GHSA-pw8w-hq42-r2hw: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have2024-09-18

📋Vendor Advisories

2
Red Hat
kernel: btrfs: fix race between direct IO write and fsync when using same fd2024-09-18
Debian
CVE-2024-46734: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ...2024