CVE-2024-40935

2024-07-1200:00:00

ubuntu.com

linux kernel

cachefiles

vulnerability

AI Score

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:
cachefiles: flush all requests after setting CACHEFILES_DEAD
In ondemand mode, when the daemon is processing an open request, if the
kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write()
will always return -EIO, so the daemon can’t pass the copen to the kernel.
Then the kernel process that is waiting for the copen triggers a hung_task.
Since the DEAD state is irreversible, it can only be exited by closing
/dev/cachefiles. Therefore, after calling cachefiles_io_error() to mark
the cache as CACHEFILES_DEAD, if in ondemand mode, flush all requests to
avoid the above hungtask. We may still be able to read some of the cached
data before closing the fd of /dev/cachefiles.
Note that this relies on the patch that adds reference counting to the req,
otherwise it may UAF.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< anyUNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-gke< anyUNKNOWN
ubuntu24.04noarchlinux-ibm< anyUNKNOWN
ubuntu24.04noarchlinux-intel< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gke	< any	UNKNOWN
ubuntu	24.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	24.04	noarch	linux-intel	< any	UNKNOWN