Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-56755

Disclosure Date: December 29, 2024 •

CVE-2024-56755 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

In fscache_create_volume(), there is a missing memory barrier between the
bit-clearing operation and the wake-up operation. This may cause a
situation where, after a wake-up, the bit-clearing operation hasn’t been
detected yet, leading to an indefinite wait. The triggering process is as
follows:

[cookie1] [cookie2] [volume_work]
fscache_perform_lookup
fscache_create_volume

                    fscache_perform_lookup
                      fscache_create_volume
		                        fscache_create_volume_work
                                              cachefiles_acquire_volume
                                              clear_and_wake_up_bit
test_and_set_bit
                        test_and_set_bit
                          goto maybe_wait
  goto no_wait

In the above process, cookie1 and cookie2 has the same volume. When cookie1
enters the -no_wait- process, it will clear the bit and wake up the waiting
process. If a barrier is missing, it may cause cookie2 to remain in the
-wait- process indefinitely.

In commit 3288666c7256 (“fscache: Use clear_and_wake_up_bit() in
fscache_create_volume_work()”), barriers were added to similar operations
in fscache_create_volume_work(), but fscache_create_volume() was missed.

By combining the clear and wake operations into clear_and_wake_up_bit() to
fix this issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-56755 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56755)

Miscellaneous

https://git.kernel.org/stable/c/ddab02607eed9e415dc62fde421d4329e5345315

https://git.kernel.org/stable/c/539fabba965e119b98066fc6ba5257b5eaf4eda2

https://git.kernel.org/stable/c/8beb682cc9a0798a280bbb95e3e41617237090b2

https://git.kernel.org/stable/c/8cc1df3113cb71a0df2c46dd5b102c9e11c8a8c6

https://git.kernel.org/stable/c/22f9400a6f3560629478e0a64247b8fcc811a24d

Rapid7

Unknown

CVE-2024-56755

Unknown

Unknown

None

Low

Local

CVE-2024-56755

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-56755

Unknown

Unknown

None

Low

Local

CVE-2024-56755

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification