CVE-2024-40971

July 12, 2024, 4:34 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag -fscrypt_select_encryption_impl -parse_options <- set SB_INLINECRYPT again

Product(s) Impacted

Product Versions
Linux Kernel

Weaknesses

References

https://git.kernel.org/stable/c/38a82c8d00638bb642bef787eb1d5e0e4d3b7d71
https://git.kernel.org/stable/c/724429db09e21ee153fef35e34342279d33df6ae
https://git.kernel.org/stable/c/a9cea0489c562c97cd56bb345e78939f9909e7f4
https://git.kernel.org/stable/c/ac5eecf481c29942eb9a862e758c0c8b68090c33
https://git.kernel.org/stable/c/ae39c8ec4250d2a35ddaab1c40faacfec306ff66
https://git.kernel.org/stable/c/eddeb8d941d5be11a9da5637dbe81ac37e8449a2

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-12
CVE-2024-40971

Date

  • Published: July 12, 2024, 1:15 p.m.
  • Last Modified: July 12, 2024, 4:34 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.