{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-53182", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.009Z", "datePublished": "2024-12-27T13:49:25.670Z", "dateUpdated": "2026-05-11T20:52:25.857Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:52:25.857Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"\n\nThis reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.\n\nThe bic is associated with sync_bfqq, and bfq_release_process_ref cannot\nbe put into bfq_put_cooperator.\n\nkasan report:\n[ 400.347277] ==================================================================\n[ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230\n[ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800\n[ 400.347430]\n[ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32\n[ 400.347450] Tainted: [E]=UNSIGNED_MODULE\n[ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 400.347460] Call Trace:\n[ 400.347464] <TASK>\n[ 400.347468] dump_stack_lvl+0x5d/0x80\n[ 400.347490] print_report+0x174/0x505\n[ 400.347521] kasan_report+0xe0/0x160\n[ 400.347541] bic_set_bfqq+0x200/0x230\n[ 400.347549] bfq_bic_update_cgroup+0x419/0x740\n[ 400.347560] bfq_bio_merge+0x133/0x320\n[ 400.347584] blk_mq_submit_bio+0x1761/0x1e20\n[ 400.347625] __submit_bio+0x28b/0x7b0\n[ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30\n[ 400.347690] iomap_readahead+0x50c/0x680\n[ 400.347731] read_pages+0x17f/0x9c0\n[ 400.347785] page_cache_ra_unbounded+0x366/0x4a0\n[ 400.347795] filemap_fault+0x83d/0x2340\n[ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs]\n[ 400.349256] __do_fault+0xf1/0x610\n[ 400.349270] do_fault+0x977/0x11a0\n[ 400.349281] __handle_mm_fault+0x5d1/0x850\n[ 400.349314] handle_mm_fault+0x1f8/0x560\n[ 400.349324] do_user_addr_fault+0x324/0x970\n[ 400.349337] exc_page_fault+0x76/0xf0\n[ 400.349350] asm_exc_page_fault+0x26/0x30\n[ 400.349360] RIP: 0033:0x55a480d77375\n[ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80\n[ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216\n[ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000\n[ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000\n[ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80\n[ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008\n[ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000\n[ 400.349430] </TASK>\n[ 400.349452]\n[ 400.349454] Allocated by task 5800:\n[ 400.349459] kasan_save_stack+0x30/0x50\n[ 400.349469] kasan_save_track+0x14/0x30\n[ 400.349475] __kasan_slab_alloc+0x89/0x90\n[ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0\n[ 400.349492] bfq_get_queue+0x1ef/0x1100\n[ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510\n[ 400.349511] bfq_insert_requests+0xf55/0x9030\n[ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0\n[ 400.349527] __blk_flush_plug+0x27c/0x4e0\n[ 400.349534] blk_finish_plug+0x52/0xa0\n[ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs]\n[ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs]\n[ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs]\n[ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs]\n[ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs]\n[ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs]\n[ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs]\n[ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs]\n[ 400.355197] __lookup_slow+0x19c/0x340\n[ 400.355204] lookup_one_unlocked+0xfc/0x120\n[ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay]\n[ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay]\n[ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay]\n[ 400.355351] lookup_one_qstr_excl+0xef/0x150\n[ 400.355357] do_unlinkat+0x22a/0x620\n[ 400.355366] __x64_sys_unlinkat+0x109/0x1e0\n[ 400.355375] do_syscall_64+0x82/0x160\n[ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/bfq-cgroup.c", "block/bfq-iosched.c"], "versions": [{"version": "bc3b1e9e7c50e1de0f573eea3871db61dd4787de", "lessThan": "7baf94232651f39f7108c23bc9548bff89bdc77b", "status": "affected", "versionType": "git"}, {"version": "bc3b1e9e7c50e1de0f573eea3871db61dd4787de", "lessThan": "cf5a60d971c7b59efb89927919404be655a9e35a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["block/bfq-cgroup.c", "block/bfq-iosched.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7baf94232651f39f7108c23bc9548bff89bdc77b"}, {"url": "https://git.kernel.org/stable/c/cf5a60d971c7b59efb89927919404be655a9e35a"}], "title": "Revert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-06T16:09:12.271456Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:14:33.459Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-06T16:09:12.271456Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:09:13.536Z"}}], "cna": {"title": "Revert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "bc3b1e9e7c50e1de0f573eea3871db61dd4787de", "lessThan": "7baf94232651f39f7108c23bc9548bff89bdc77b", "versionType": "git"}, {"status": "affected", "version": "bc3b1e9e7c50e1de0f573eea3871db61dd4787de", "lessThan": "cf5a60d971c7b59efb89927919404be655a9e35a", "versionType": "git"}], "programFiles": ["block/bfq-cgroup.c", "block/bfq-iosched.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.12"}, {"status": "unaffected", "version": "0", "lessThan": "6.12", "versionType": "semver"}, {"status": "unaffected", "version": "6.12.2", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["block/bfq-cgroup.c", "block/bfq-iosched.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7baf94232651f39f7108c23bc9548bff89bdc77b"}, {"url": "https://git.kernel.org/stable/c/cf5a60d971c7b59efb89927919404be655a9e35a"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"\n\nThis reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.\n\nThe bic is associated with sync_bfqq, and bfq_release_process_ref cannot\nbe put into bfq_put_cooperator.\n\nkasan report:\n[ 400.347277] ==================================================================\n[ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230\n[ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800\n[ 400.347430]\n[ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32\n[ 400.347450] Tainted: [E]=UNSIGNED_MODULE\n[ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 400.347460] Call Trace:\n[ 400.347464] <TASK>\n[ 400.347468] dump_stack_lvl+0x5d/0x80\n[ 400.347490] print_report+0x174/0x505\n[ 400.347521] kasan_report+0xe0/0x160\n[ 400.347541] bic_set_bfqq+0x200/0x230\n[ 400.347549] bfq_bic_update_cgroup+0x419/0x740\n[ 400.347560] bfq_bio_merge+0x133/0x320\n[ 400.347584] blk_mq_submit_bio+0x1761/0x1e20\n[ 400.347625] __submit_bio+0x28b/0x7b0\n[ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30\n[ 400.347690] iomap_readahead+0x50c/0x680\n[ 400.347731] read_pages+0x17f/0x9c0\n[ 400.347785] page_cache_ra_unbounded+0x366/0x4a0\n[ 400.347795] filemap_fault+0x83d/0x2340\n[ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs]\n[ 400.349256] __do_fault+0xf1/0x610\n[ 400.349270] do_fault+0x977/0x11a0\n[ 400.349281] __handle_mm_fault+0x5d1/0x850\n[ 400.349314] handle_mm_fault+0x1f8/0x560\n[ 400.349324] do_user_addr_fault+0x324/0x970\n[ 400.349337] exc_page_fault+0x76/0xf0\n[ 400.349350] asm_exc_page_fault+0x26/0x30\n[ 400.349360] RIP: 0033:0x55a480d77375\n[ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80\n[ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216\n[ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000\n[ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000\n[ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80\n[ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008\n[ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000\n[ 400.349430] </TASK>\n[ 400.349452]\n[ 400.349454] Allocated by task 5800:\n[ 400.349459] kasan_save_stack+0x30/0x50\n[ 400.349469] kasan_save_track+0x14/0x30\n[ 400.349475] __kasan_slab_alloc+0x89/0x90\n[ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0\n[ 400.349492] bfq_get_queue+0x1ef/0x1100\n[ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510\n[ 400.349511] bfq_insert_requests+0xf55/0x9030\n[ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0\n[ 400.349527] __blk_flush_plug+0x27c/0x4e0\n[ 400.349534] blk_finish_plug+0x52/0xa0\n[ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs]\n[ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs]\n[ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs]\n[ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs]\n[ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs]\n[ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs]\n[ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs]\n[ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs]\n[ 400.355197] __lookup_slow+0x19c/0x340\n[ 400.355204] lookup_one_unlocked+0xfc/0x120\n[ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay]\n[ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay]\n[ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay]\n[ 400.355351] lookup_one_qstr_excl+0xef/0x150\n[ 400.355357] do_unlinkat+0x22a/0x620\n[ 400.355366] __x64_sys_unlinkat+0x109/0x1e0\n[ 400.355375] do_syscall_64+0x82/0x160\n[ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7\n---truncated---"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:20:45.796Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53182", "state": "PUBLISHED", "dateUpdated": "2025-03-06T16:14:33.459Z", "dateReserved": "2024-11-19T17:17:25.009Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-12-27T13:49:25.670Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"\n\nThis reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.\n\nThe bic is associated with sync_bfqq, and bfq_release_process_ref cannot\nbe put into bfq_put_cooperator.\n\nkasan report:\n[ 400.347277] ==================================================================\n[ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230\n[ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800\n[ 400.347430]\n[ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32\n[ 400.347450] Tainted: [E]=UNSIGNED_MODULE\n[ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 400.347460] Call Trace:\n[ 400.347464] <TASK>\n[ 400.347468] dump_stack_lvl+0x5d/0x80\n[ 400.347490] print_report+0x174/0x505\n[ 400.347521] kasan_report+0xe0/0x160\n[ 400.347541] bic_set_bfqq+0x200/0x230\n[ 400.347549] bfq_bic_update_cgroup+0x419/0x740\n[ 400.347560] bfq_bio_merge+0x133/0x320\n[ 400.347584] blk_mq_submit_bio+0x1761/0x1e20\n[ 400.347625] __submit_bio+0x28b/0x7b0\n[ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30\n[ 400.347690] iomap_readahead+0x50c/0x680\n[ 400.347731] read_pages+0x17f/0x9c0\n[ 400.347785] page_cache_ra_unbounded+0x366/0x4a0\n[ 400.347795] filemap_fault+0x83d/0x2340\n[ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs]\n[ 400.349256] __do_fault+0xf1/0x610\n[ 400.349270] do_fault+0x977/0x11a0\n[ 400.349281] __handle_mm_fault+0x5d1/0x850\n[ 400.349314] handle_mm_fault+0x1f8/0x560\n[ 400.349324] do_user_addr_fault+0x324/0x970\n[ 400.349337] exc_page_fault+0x76/0xf0\n[ 400.349350] asm_exc_page_fault+0x26/0x30\n[ 400.349360] RIP: 0033:0x55a480d77375\n[ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80\n[ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216\n[ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000\n[ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000\n[ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80\n[ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008\n[ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000\n[ 400.349430] </TASK>\n[ 400.349452]\n[ 400.349454] Allocated by task 5800:\n[ 400.349459] kasan_save_stack+0x30/0x50\n[ 400.349469] kasan_save_track+0x14/0x30\n[ 400.349475] __kasan_slab_alloc+0x89/0x90\n[ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0\n[ 400.349492] bfq_get_queue+0x1ef/0x1100\n[ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510\n[ 400.349511] bfq_insert_requests+0xf55/0x9030\n[ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0\n[ 400.349527] __blk_flush_plug+0x27c/0x4e0\n[ 400.349534] blk_finish_plug+0x52/0xa0\n[ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs]\n[ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs]\n[ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs]\n[ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs]\n[ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs]\n[ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs]\n[ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs]\n[ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs]\n[ 400.355197] __lookup_slow+0x19c/0x340\n[ 400.355204] lookup_one_unlocked+0xfc/0x120\n[ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay]\n[ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay]\n[ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay]\n[ 400.355351] lookup_one_qstr_excl+0xef/0x150\n[ 400.355357] do_unlinkat+0x22a/0x620\n[ 400.355366] __x64_sys_unlinkat+0x109/0x1e0\n[ 400.355375] do_syscall_64+0x82/0x160\n[ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7\n---truncated---"}, {"lang": "es", "value": "En el n\u00facleo de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\" Esto revierte el commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. El bic est\u00e1 asociado con sync_bfqq y bfq_release_process_ref no se puede colocar en bfq_put_cooperator. informe de kasan: [ 400.347277] ======================================================================= [ 400.347287] ERROR: KASAN: slab-use-after-free en bic_set_bfqq+0x200/0x230 [ 400.347420] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88881cab7d60 por la tarea dockerd/5800 [ 400.347430] [ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: cargado Tainted: GE 6.12.0 #32 [ 400.347450] Contaminado: [E]=UNSIGNED_MODULE [ 400.347454] Nombre del hardware: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 28/07/2022 [ 400.347460] Seguimiento de llamadas: [ 400.347464] [ 400.347468] dump_stack_lvl+0x5d/0x80 [ 400.347490] print_report+0x174/0x505 [ 400.347521] kasan_report+0xe0/0x160 [ 400.347541] bic_set_bfqq+0x200/0x230 [ 400.347549] bfq_bic_update_cgroup+0x419/0x740 [ 400.347560] bfq_bio_merge+0x133/0x320 [ 400.347584] blk_mq_submit_bio+0x1761/0x1e20 [ 400.347625] __submit_bio+0x28b/0x7b0 [ 400.347664] enviar_bio_noacct_nocheck+0x6b2/0xd30 [ 400.347690] iomap_readahead+0x50c/0x680 [ 400.347731] p\u00e1ginas_de_lectura+0x17f/0x9c0 [ 400.347785] cach\u00e9_de_p\u00e1gina_ra_sin_l\u00edmites+0x366/0x4a0 [ 400.347795] error_mapa_archivo+0x83d/0x2340 [ 400.347819] error_mapa_archivo_xfs+0x11a/0x7d0 [xfs] [ 400.349256] error_do+0xf1/0x610 [ 400.349270] error_do+0x977/0x11a0 [ 400.349281] error_mm_gestionar+0x5d1/0x850 [ 400.349314] handle_mm_fault+0x1f8/0x560 [ 400.349324] do_user_addr_fault+0x324/0x970 [ 400.349337] exc_page_fault+0x76/0xf0 [ 400.349350] asm_exc_page_fault+0x26/0x30 [ 400.349360] RIP: 0033:0x55a480d77375 [ 400.349384] C\u00f3digo: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 &lt;83&gt; 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80 [ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216 [ 400.349401] RAX: 00007f18c37fd9d0 RBX: 000000000000000 RCX: 0000000000000000 [ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000 [ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80 [ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008 [ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000 [ 400.349430] [ 400.349452] [ 400.349454] Asignado por la tarea 5800: [ 400.349459] kasan_save_stack+0x30/0x50 [ 400.349469] kasan_save_track+0x14/0x30 [ 400.349475] __kasan_slab_alloc+0x89/0x90 [ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0 [ 400.349492] bfq_get_queue+0x1ef/0x1100 [ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510 [ 400.349511] bfq_insert_requests+0xf55/0x9030 [ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0 [ 400.349527] __blk_flush_plug+0x27c/0x4e0 [ 400.349534] blk_finish_plug+0x52/0xa0 [ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs] [ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs] [ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs] [ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs] [ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs] [ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs] [ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs] [ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs] [ 400.355197] __lookup_slow+0x19c/0x340 [ 400.355204] lookup_one_unlocked+0xfc/0x120 [ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [superposici\u00f3n] [ 400.355255] ovl_lookup_layer+0x316/0x490 [superposici\u00f3n] [ 400.355295] ovl_lookup+0x844/0x1fd0 [superposici\u00f3n] [ 400.355351] lookup_one_qstr_excl+0xef/0x150 [ 400.355357] do_unlinkat+0x22a/0x620 [ 400.355366] __x64_sys_unlinkat+0x109/0x1e0 [ 400.355375] do_syscall_64+0x82/0x160 [ 400.355384] entrada_SYSCALL_64_after_hwframe+0x76/0x7 ---truncado---"}], "id": "CVE-2024-53182", "lastModified": "2025-03-24T17:26:10.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-27T14:15:25.643", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7baf94232651f39f7108c23bc9548bff89bdc77b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf5a60d971c7b59efb89927919404be655a9e35a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: Revert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"", "id": "2334349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334349"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRevert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"\nThis reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.\nThe bic is associated with sync_bfqq, and bfq_release_process_ref cannot\nbe put into bfq_put_cooperator.\nkasan report:\n[ 400.347277] ==================================================================\n[ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230\n[ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800\n[ 400.347430]\n[ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32\n[ 400.347450] Tainted: [E]=UNSIGNED_MODULE\n[ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 400.347460] Call Trace:\n[ 400.347464] <TASK>\n[ 400.347468] dump_stack_lvl+0x5d/0x80\n[ 400.347490] print_report+0x174/0x505\n[ 400.347521] kasan_report+0xe0/0x160\n[ 400.347541] bic_set_bfqq+0x200/0x230\n[ 400.347549] bfq_bic_update_cgroup+0x419/0x740\n[ 400.347560] bfq_bio_merge+0x133/0x320\n[ 400.347584] blk_mq_submit_bio+0x1761/0x1e20\n[ 400.347625] __submit_bio+0x28b/0x7b0\n[ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30\n[ 400.347690] iomap_readahead+0x50c/0x680\n[ 400.347731] read_pages+0x17f/0x9c0\n[ 400.347785] page_cache_ra_unbounded+0x366/0x4a0\n[ 400.347795] filemap_fault+0x83d/0x2340\n[ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs]\n[ 400.349256] __do_fault+0xf1/0x610\n[ 400.349270] do_fault+0x977/0x11a0\n[ 400.349281] __handle_mm_fault+0x5d1/0x850\n[ 400.349314] handle_mm_fault+0x1f8/0x560\n[ 400.349324] do_user_addr_fault+0x324/0x970\n[ 400.349337] exc_page_fault+0x76/0xf0\n[ 400.349350] asm_exc_page_fault+0x26/0x30\n[ 400.349360] RIP: 0033:0x55a480d77375\n[ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80\n[ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216\n[ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000\n[ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000\n[ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80\n[ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008\n[ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000\n[ 400.349430] </TASK>\n[ 400.349452]\n[ 400.349454] Allocated by task 5800:\n[ 400.349459] kasan_save_stack+0x30/0x50\n[ 400.349469] kasan_save_track+0x14/0x30\n[ 400.349475] __kasan_slab_alloc+0x89/0x90\n[ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0\n[ 400.349492] bfq_get_queue+0x1ef/0x1100\n[ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510\n[ 400.349511] bfq_insert_requests+0xf55/0x9030\n[ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0\n[ 400.349527] __blk_flush_plug+0x27c/0x4e0\n[ 400.349534] blk_finish_plug+0x52/0xa0\n[ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs]\n[ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs]\n[ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs]\n[ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs]\n[ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs]\n[ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs]\n[ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs]\n[ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs]\n[ 400.355197] __lookup_slow+0x19c/0x340\n[ 400.355204] lookup_one_unlocked+0xfc/0x120\n[ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay]\n[ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay]\n[ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay]\n[ 400.355351] lookup_one_qstr_excl+0xef/0x150\n[ 400.355357] do_unlinkat+0x22a/0x620\n[ 400.355366] __x64_sys_unlinkat+0x109/0x1e0\n[ 400.355375] do_syscall_64+0x82/0x160\n[ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7\n---truncated---"], "name": "CVE-2024-53182", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53182\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53182\nhttps://lore.kernel.org/linux-cve-announce/2024122720-CVE-2024-53182-8a61@gregkh/T"], "threat_severity": "Low"}

{}