Vulnerability Details : CVE-2024-26773
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Determine if the group block bitmap is corrupted before using ac_b_ex in
ext4_mb_try_best_found() to avoid allocating blocks from a group with a
corrupted block bitmap in the following concurrency and making the
situation worse.
```
ext4_mb_regular_allocator
  ext4_lock_group(sb, group)
  ext4_mb_good_group
   // check if the group bbitmap is corrupted
  ext4_mb_complex_scan_group
   // Scan group gets ac_b_ex but doesn't use it
  ext4_unlock_group(sb, group)
                           ext4_mark_group_bitmap_corrupted(group)
                           // The block bitmap was corrupted during
                           // the group unlock gap.
  ext4_mb_try_best_found
    ext4_lock_group(ac->ac_sb, group)
    ext4_mb_use_best_found
      mb_mark_used
      // Allocating blocks in block bitmap corrupted group
```
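
The unlock gap in the trace above, replayed as a single-threaded userspace model. This is an added example, not the kernel patch or code from this page; `struct group`, `scan_group`, `try_best_found` and `replay` are hypothetical names. The `recheck` flag switches between using the remembered extent blindly and re-testing the corruption flag after re-locking.

```c
#include <stdbool.h>
#include <string.h>

#define GROUP_BLOCKS 16
/* Hypothetical userspace stand-in for one block group (not kernel code). */
struct group {
    bool locked;                        /* models the group lock */
    bool bitmap_corrupt;                /* models the "bitmap corrupted" flag */
    unsigned char bitmap[GROUP_BLOCKS]; /* 1 = block in use */
};
struct extent { int start, len; };      /* models the remembered ac_b_ex */

/* Phase 1: under the lock, check the flag and remember a free extent. */
static void scan_group(struct group *g, int want, struct extent *best)
{
    int run = 0;
    best->start = best->len = 0;
    g->locked = true;
    for (int i = 0; !g->bitmap_corrupt && i < GROUP_BLOCKS && !best->len; i++) {
        run = g->bitmap[i] ? 0 : run + 1;
        if (run == want) { best->start = i - want + 1; best->len = want; }
    }
    g->locked = false;                  /* the unlock gap starts here */
}

/* Phase 2: re-lock and use the extent; recheck selects the hardened form. */
static int try_best_found(struct group *g, const struct extent *best, bool recheck)
{
    g->locked = true;
    bool refuse = recheck && g->bitmap_corrupt; /* did state change in the gap? */
    if (!refuse) memset(&g->bitmap[best->start], 1, (size_t)best->len);
    g->locked = false;
    return refuse ? -1 : 0;
}

/* Replays the interleaving from the trace; returns blocks marked in use. */
static int replay(bool recheck)
{
    struct group g = {0};
    struct extent best;
    int used = 0;
    scan_group(&g, 4, &best);
    if (!g.locked) g.bitmap_corrupt = true;  /* other context, in the gap */
    try_best_found(&g, &best, recheck);
    for (int i = 0; i < GROUP_BLOCKS; i++) used += g.bitmap[i];
    return used;
}

int main(void) { return (replay(false) == 4 && replay(true) == 0) ? 0 : 1; }
```

Without the recheck, four blocks are marked in use in a group already flagged as corrupted; with it, the allocation is refused and the bitmap is left untouched.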
Products affected by CVE-2024-26773
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-26773
- EPSS score: 0.03% (probability of exploitation activity in the next 30 days)
- Percentile: ~7% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2024-26773
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | 2025-03-18 |
References for CVE-2024-26773
- https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  [SECURITY] [DLA 3840-1] linux security update (Mailing List)
- https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  [SECURITY] [DLA 3842-1] linux-5.10 security update (Mailing List)
- https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1
  ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)