Bug 2320211 (CVE-2024-47733) - CVE-2024-47733 kernel: netfs: Delete subtree of 'fs/netfs' when netfs module exits
Summary: CVE-2024-47733 kernel: netfs: Delete subtree of 'fs/netfs' when netfs module ...
Keywords:
Status: NEW
Alias: CVE-2024-47733
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2320309
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-21 13:02 UTC by OSIDB Bzimport
Modified: 2024-10-23 15:19 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-10-21 13:02:40 UTC 
In the Linux kernel, the following vulnerability has been resolved:

netfs: Delete subtree of 'fs/netfs' when netfs module exits

In netfs_init() or fscache_proc_init(), we create dentry under 'fs/netfs',
but in netfs_exit(), we only delete the proc entry of 'fs/netfs' without
deleting its subtree. This triggers the following WARNING:

==================================================================
remove_proc_entry: removing non-empty directory 'fs/netfs', leaking at least 'requests'
WARNING: CPU: 4 PID: 566 at fs/proc/generic.c:717 remove_proc_entry+0x160/0x1c0
Modules linked in: netfs(-)
CPU: 4 UID: 0 PID: 566 Comm: rmmod Not tainted 6.11.0-rc3 #860
RIP: 0010:remove_proc_entry+0x160/0x1c0
Call Trace:
 <TASK>
 netfs_exit+0x12/0x620 [netfs]
 __do_sys_delete_module.isra.0+0x14c/0x2e0
 do_syscall_64+0x4b/0x110
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================

Therefore use remove_proc_subtree() instead of remove_proc_entry() to
fix the above problem.
Comment 1 Robb Gatica 2024-10-21 14:04:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102107-CVE-2024-47733-6591@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.