CVE-2024-26832 (GCVE-0-2024-26832)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 12:54
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio we just added to the swap cache and exit. However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always true for this path, and the folio is ref'd. Make sure to unlock and put the folio before returning. This was discovered by code inspection, probably because this path handles a race condition that should not happen often, and the bug would not crash the system, it will only strand the folio indefinitely.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 2cab13f500a6333bd2b853783ac76be9e4956f8a , < 14f1992430ef9e647b02aa8ca12c5bcb9a1dffea (git)
Affected: 04fc7816089c5a32c29a04ec94b998e219dfb946 , < 6156277d1b26cb3fdb6fcbf0686ab78268571644 (git)
Affected: 04fc7816089c5a32c29a04ec94b998e219dfb946 , < e2891c763aa2cff74dd6b5e978411ccf0cf94abe (git)
Affected: 04fc7816089c5a32c29a04ec94b998e219dfb946 , < e3b63e966cac0bf78aaa1efede1827a252815a1d (git)
Affected: ba700ea13bf0105a4773c654f7d3bef8adb64ab2 (git)
Create a notification for this product.
    Linux Linux Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:06:53.982230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T18:07:04.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/zswap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "14f1992430ef9e647b02aa8ca12c5bcb9a1dffea",
              "status": "affected",
              "version": "2cab13f500a6333bd2b853783ac76be9e4956f8a",
              "versionType": "git"
            },
            {
              "lessThan": "6156277d1b26cb3fdb6fcbf0686ab78268571644",
              "status": "affected",
              "version": "04fc7816089c5a32c29a04ec94b998e219dfb946",
              "versionType": "git"
            },
            {
              "lessThan": "e2891c763aa2cff74dd6b5e978411ccf0cf94abe",
              "status": "affected",
              "version": "04fc7816089c5a32c29a04ec94b998e219dfb946",
              "versionType": "git"
            },
            {
              "lessThan": "e3b63e966cac0bf78aaa1efede1827a252815a1d",
              "status": "affected",
              "version": "04fc7816089c5a32c29a04ec94b998e219dfb946",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ba700ea13bf0105a4773c654f7d3bef8adb64ab2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/zswap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.1.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix missing folio cleanup in writeback race path\n\nIn zswap_writeback_entry(), after we get a folio from\n__read_swap_cache_async(), we grab the tree lock again to check that the\nswap entry was not invalidated and recycled.  If it was, we delete the\nfolio we just added to the swap cache and exit.\n\nHowever, __read_swap_cache_async() returns the folio locked when it is\nnewly allocated, which is always true for this path, and the folio is\nref\u0027d.  Make sure to unlock and put the folio before returning.\n\nThis was discovered by code inspection, probably because this path handles\na race condition that should not happen often, and the bug would not crash\nthe system, it will only strand the folio indefinitely."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:53.558Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea"
        },
        {
          "url": "https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d"
        }
      ],
      "title": "mm: zswap: fix missing folio cleanup in writeback race path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26832",
    "datePublished": "2024-04-17T10:10:01.016Z",
    "dateReserved": "2024-02-19T14:20:24.181Z",
    "dateUpdated": "2025-05-04T12:54:53.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm: zswap: fix missing folio cleanup in writeback race path\\n\\nIn zswap_writeback_entry(), after we get a folio from\\n__read_swap_cache_async(), we grab the tree lock again to check that the\\nswap entry was not invalidated and recycled.  If it was, we delete the\\nfolio we just added to the swap cache and exit.\\n\\nHowever, __read_swap_cache_async() returns the folio locked when it is\\nnewly allocated, which is always true for this path, and the folio is\\nref\u0027d.  Make sure to unlock and put the folio before returning.\\n\\nThis was discovered by code inspection, probably because this path handles\\na race condition that should not happen often, and the bug would not crash\\nthe system, it will only strand the folio indefinitely.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: mm: zswap: corrige la limpieza de folio faltante en la ruta de carrera de escritura diferida En zswap_writeback_entry(), despu\\u00e9s de obtener un folio de __read_swap_cache_async(), tomamos el bloqueo del \\u00e1rbol nuevamente para verificar que el intercambio la entrada no fue invalidada y reciclada. Si as\\u00ed fuera, eliminamos la publicaci\\u00f3n que acabamos de agregar al cach\\u00e9 de intercambio y salimos. Sin embargo, __read_swap_cache_async() devuelve la publicaci\\u00f3n bloqueada cuando se asigna recientemente, lo que siempre es cierto para esta ruta, y la publicaci\\u00f3n se ref. Aseg\\u00farate de desbloquear y colocar el folio antes de regresar. Esto se descubri\\u00f3 mediante la inspecci\\u00f3n del c\\u00f3digo, probablemente porque esta ruta maneja una condici\\u00f3n de carrera que no deber\\u00eda ocurrir con frecuencia, y el error no bloquear\\u00eda el sistema, solo bloquear\\u00e1 la publicaci\\u00f3n indefinidamente.\"}]",
      "id": "CVE-2024-26832",
      "lastModified": "2024-11-21T09:03:10.120",
      "published": "2024-04-17T10:15:09.507",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26832\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T10:15:09.507\",\"lastModified\":\"2025-04-02T13:18:56.860\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm: zswap: fix missing folio cleanup in writeback race path\\n\\nIn zswap_writeback_entry(), after we get a folio from\\n__read_swap_cache_async(), we grab the tree lock again to check that the\\nswap entry was not invalidated and recycled.  If it was, we delete the\\nfolio we just added to the swap cache and exit.\\n\\nHowever, __read_swap_cache_async() returns the folio locked when it is\\nnewly allocated, which is always true for this path, and the folio is\\nref\u0027d.  Make sure to unlock and put the folio before returning.\\n\\nThis was discovered by code inspection, probably because this path handles\\na race condition that should not happen often, and the bug would not crash\\nthe system, it will only strand the folio indefinitely.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: zswap: corrige la limpieza de folio faltante en la ruta de carrera de escritura diferida En zswap_writeback_entry(), despu\u00e9s de obtener un folio de __read_swap_cache_async(), tomamos el bloqueo del \u00e1rbol nuevamente para verificar que el intercambio la entrada no fue invalidada y reciclada. Si as\u00ed fuera, eliminamos la publicaci\u00f3n que acabamos de agregar al cach\u00e9 de intercambio y salimos. Sin embargo, __read_swap_cache_async() devuelve la publicaci\u00f3n bloqueada cuando se asigna recientemente, lo que siempre es cierto para esta ruta, y la publicaci\u00f3n se ref. Aseg\u00farate de desbloquear y colocar el folio antes de regresar. Esto se descubri\u00f3 mediante la inspecci\u00f3n del c\u00f3digo, probablemente porque esta ruta maneja una condici\u00f3n de carrera que no deber\u00eda ocurrir con frecuencia, y el error no bloquear\u00eda el sistema, solo bloquear\u00e1 la publicaci\u00f3n indefinidamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.30\",\"versionEndExcluding\":\"6.1.80\",\"matchCriteriaId\":\"1211DF2E-2D5A-40BA-AB38-210B8B2B4A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4\",\"versionEndExcluding\":\"6.6.19\",\"matchCriteriaId\":\"42342D9F-A537-444E-8441-E8C6CAD53884\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.7\",\"matchCriteriaId\":\"575EE16B-67F2-4B5B-B5F8-1877715C898B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A256569-6629-42B1-8233-0E91DA2F315D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9F4EA73-0894-400F-A490-3A397AB7A517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"056BD938-0A27-4569-B391-30578B309EE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02056A5-B362-4370-9FF8-6F0BD384D520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"62075ACE-B2A0-4B16-829D-B3DA5AE5CC41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A780F817-2A77-4130-A9B7-5C25606314E3\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:14:13.535Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26832\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T18:06:53.982230Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T18:07:00.277Z\"}}], \"cna\": {\"title\": \"mm: zswap: fix missing folio cleanup in writeback race path\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2cab13f500a6333bd2b853783ac76be9e4956f8a\", \"lessThan\": \"14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"04fc7816089c5a32c29a04ec94b998e219dfb946\", \"lessThan\": \"6156277d1b26cb3fdb6fcbf0686ab78268571644\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"04fc7816089c5a32c29a04ec94b998e219dfb946\", \"lessThan\": \"e2891c763aa2cff74dd6b5e978411ccf0cf94abe\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"04fc7816089c5a32c29a04ec94b998e219dfb946\", \"lessThan\": \"e3b63e966cac0bf78aaa1efede1827a252815a1d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ba700ea13bf0105a4773c654f7d3bef8adb64ab2\", \"versionType\": \"git\"}], \"programFiles\": [\"mm/zswap.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.4\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.4\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.1.80\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.19\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"mm/zswap.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea\"}, {\"url\": \"https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644\"}, {\"url\": \"https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe\"}, {\"url\": \"https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm: zswap: fix missing folio cleanup in writeback race path\\n\\nIn zswap_writeback_entry(), after we get a folio from\\n__read_swap_cache_async(), we grab the tree lock again to check that the\\nswap entry was not invalidated and recycled.  If it was, we delete the\\nfolio we just added to the swap cache and exit.\\n\\nHowever, __read_swap_cache_async() returns the folio locked when it is\\nnewly allocated, which is always true for this path, and the folio is\\nref\u0027d.  Make sure to unlock and put the folio before returning.\\n\\nThis was discovered by code inspection, probably because this path handles\\na race condition that should not happen often, and the bug would not crash\\nthe system, it will only strand the folio indefinitely.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.80\", \"versionStartIncluding\": \"6.1.30\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.19\", \"versionStartIncluding\": \"6.4\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.7\", \"versionStartIncluding\": \"6.4\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"6.4\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"6.3.4\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T12:54:53.558Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-26832\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T12:54:53.558Z\", \"dateReserved\": \"2024-02-19T14:20:24.181Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-17T10:10:01.016Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.