Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between ordered extent completion and fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). However by not locking the target extent range for the whole duration of the fiemap call we can race with an ordered extent. This happens like this: 1) The fiemap task finishes processing a file extent item that covers the file range [512K, 1M[, and that file extent item is the last item in the leaf currently being processed; 2) And ordered extent for the file range [768K, 2M[, in COW mode, completes (btrfs_finish_one_ordered()) and the file extent item covering the range [512K, 1M[ is trimmed to cover the range [512K, 768K[ and then a new file extent item for the range [768K, 2M[ is inserted in the inode's subvolume tree; 3) The fiemap task calls fiemap_next_leaf_item(), which then calls btrfs_next_leaf() to find the next leaf / item. This finds that the the next key following the one we previously processed (its type is BTRFS_EXTENT_DATA_KEY and its offset is 512K), is the key corresponding to the new file extent item inserted by the ordered extent, which has a type of BTRFS_EXTENT_DATA_KEY and an offset of 768K; 4) Later the fiemap code ends up at emit_fiemap_extent() and triggers the warning: if (cache->offset + cache->len > offset) { WARN_ON(1); return -EINVAL; } Since we get 1M > 768K, because the previously emitted entry for the old extent covering the file range [512K, 1M[ ends at an offset that is greater than the new extent's start offset (768K). This makes fiemap fail with -EINVAL besides triggering the warning that produces a stack trace like the following: [1621.677651] ------------[ cut here ]------------ [1621.677656] WARNING: CPU: 1 PID: 204366 at fs/btrfs/extent_io.c:2492 emit_fiemap_extent+0x84/0x90 [btrfs] [1621.677899] Modules linked in: btrfs blake2b_generic (...) [1621.677951] CPU: 1 PID: 204366 Comm: pool Not tainted 6.8.0-rc5-btrfs-next-151+ #1 [1621.677954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [1621.677956] RIP: 0010:emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678033] Code: 2b 4c 89 63 (...) [1621.678035] RSP: 0018:ffffab16089ffd20 EFLAGS: 00010206 [1621.678037] RAX: 00000000004fa000 RBX: ffffab16089ffe08 RCX: 0000000000009000 [1621.678039] RDX: 00000000004f9000 RSI: 00000000004f1000 RDI: ffffab16089ffe90 [1621.678040] RBP: 00000000004f9000 R08: 0000000000001000 R09: 0000000000000000 [1621.678041] R10: 0000000000000000 R11: 0000000000001000 R12: 0000000041d78000 [1621.678043] R13: 0000000000001000 R14: 0000000000000000 R15: ffff9434f0b17850 [1621.678044] FS: 00007fa6e20006c0(0000) GS:ffff943bdfa40000(0000) knlGS:0000000000000000 [1621.678046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1621.678048] CR2: 00007fa6b0801000 CR3: 000000012d404002 CR4: 0000000000370ef0 [1621.678053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1621.678055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1621.678056] Call Trace: [1621.678074] <TASK> [1621.678076] ? __warn+0x80/0x130 [1621.678082] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678159] ? report_bug+0x1f4/0x200 [1621.678164] ? handle_bug+0x42/0x70 [1621.678167] ? exc_invalid_op+0x14/0x70 [1621.678170] ? asm_exc_invalid_op+0x16/0x20 [1621.678178] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678253] extent_fiemap+0x766 ---truncated---SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| SUSE | |
|---|---|
| Base Score | 5.5 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.
| Product(s) | Source package | State |
|---|---|---|
| Products under general support and receiving all security fixes. | ||
| SUSE Enterprise Storage 7.1 | kernel-default | Not affected |
| SUSE Enterprise Storage 7.1 | kernel-source | Not affected |
| SUSE Enterprise Storage 7.1 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Desktop 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Desktop 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Micro 5.1 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.1 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.1 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.3 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.3 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.3 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.4 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.4 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.4 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.5 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Real Time 12 SP5 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Real Time 15 SP5 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Server 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-source-azure | Not affected |
| SUSE Manager Proxy 4.3 | kernel-default | Not affected |
| SUSE Manager Proxy 4.3 | kernel-source | Not affected |
| SUSE Manager Proxy 4.3 | kernel-source-azure | Not affected |
| SUSE Manager Retail Branch Server 4.3 | kernel-default | Not affected |
| SUSE Manager Retail Branch Server 4.3 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.3 | kernel-source-azure | Not affected |
| SUSE Manager Server 4.3 | kernel-default | Not affected |
| SUSE Manager Server 4.3 | kernel-source | Not affected |
| SUSE Manager Server 4.3 | kernel-source-azure | Not affected |
| SUSE Real Time Module 15 SP5 | kernel-source-rt | Not affected |
| Products under Long Term Service Pack support and receiving important and critical security fixes. | ||
| SUSE Linux Enterprise Desktop 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP4 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | kernel-default | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP4 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-source-azure | Not affected |
| SUSE OpenStack Cloud 8 | kernel-source | Not affected |
| SUSE OpenStack Cloud 9 | kernel-default | Not affected |
| SUSE OpenStack Cloud 9 | kernel-source | Not affected |
| Products past their end of life and not receiving proactive updates anymore. | ||
| HPE Helion OpenStack 8 | kernel-source | Not affected |
| SUSE CaaS Platform 4.0 | kernel-source | Not affected |
| SUSE Enterprise Storage 6 | kernel-source | Not affected |
| SUSE Enterprise Storage 7 | kernel-source | Not affected |
| SUSE Enterprise Storage 7 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Desktop 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Micro 5.0 | kernel-default | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Real Time 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Real Time 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Real Time 15 SP3 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Real Time 15 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Real Time 15 SP4 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Server 11 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 11 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | kernel-source | Not affected |
| SUSE Manager Proxy 4.0 | kernel-source | Not affected |
| SUSE Manager Proxy 4.1 | kernel-source | Not affected |
| SUSE Manager Proxy 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Proxy 4.2 | kernel-source | Not affected |
| SUSE Manager Proxy 4.2 | kernel-source-azure | Not affected |
| SUSE Manager Retail Branch Server 4.0 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.1 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Retail Branch Server 4.2 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.2 | kernel-source-azure | Not affected |
| SUSE Manager Server 4.0 | kernel-source | Not affected |
| SUSE Manager Server 4.1 | kernel-source | Not affected |
| SUSE Manager Server 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Server 4.2 | kernel-source | Not affected |
| SUSE Manager Server 4.2 | kernel-source-azure | Not affected |
| SUSE OpenStack Cloud 7 | kernel-source | Not affected |
| SUSE OpenStack Cloud Crowbar 8 | kernel-source | Not affected |
| SUSE OpenStack Cloud Crowbar 9 | kernel-default | Not affected |
| SUSE OpenStack Cloud Crowbar 9 | kernel-source | Not affected |
| SUSE Real Time Module 15 SP3 | kernel-source-rt | Not affected |
| SUSE Real Time Module 15 SP4 | kernel-source-rt | Not affected |
SUSE Timeline for this CVE
CVE page created: Thu Apr 4 12:00:15 2024CVE page last modified: Mon Apr 29 19:17:16 2024