Amazon Linux AMI 2: CVE-2024-26685: Security patch for kernel (Multiple Advisories)

Amazon Linux AMI 2: CVE-2024-26685: Security patch for kernel (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

04/03/2024

Created

12/13/2024

Added

12/12/2024

Modified

12/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write().But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent.However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device.This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer.

Solution(s)

• amazon-linux-ami-2-upgrade-bpftool
• amazon-linux-ami-2-upgrade-bpftool-debuginfo
• amazon-linux-ami-2-upgrade-kernel
• amazon-linux-ami-2-upgrade-kernel-debuginfo
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
• amazon-linux-ami-2-upgrade-kernel-devel
• amazon-linux-ami-2-upgrade-kernel-headers
• amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-343-259-562
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-210-201-852
• amazon-linux-ami-2-upgrade-kernel-tools
• amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
• amazon-linux-ami-2-upgrade-kernel-tools-devel
• amazon-linux-ami-2-upgrade-perf
• amazon-linux-ami-2-upgrade-perf-debuginfo
• amazon-linux-ami-2-upgrade-python-perf
• amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

• https://attackerkb.com/topics/cve-2024-26685
• AL2/ALAS-2024-2549
• AL2/ALASKERNEL-5.10-2024-053
• AL2/ALASKERNEL-5.4-2024-062
• CVE - 2024-26685