{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26685","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.153Z","datePublished":"2024-04-03T14:54:47.688Z","dateUpdated":"2026-05-11T20:02:13.157Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:02:13.157Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential bug in end_buffer_async_write\n\nAccording to a syzbot report, end_buffer_async_write(), which handles the\ncompletion of block device writes, may detect abnormal condition of the\nbuffer async_write flag and cause a BUG_ON failure when using nilfs2.\n\nNilfs2 itself does not use end_buffer_async_write().  But, the async_write\nflag is now used as a marker by commit 7f42ec394156 (\"nilfs2: fix issue\nwith race condition of competition between segments for dirty blocks\") as\na means of resolving double list insertion of dirty blocks in\nnilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the\nresulting crash.\n\nThis modification is safe as long as it is used for file data and b-tree\nnode blocks where the page caches are independent.  However, it was\nirrelevant and redundant to also introduce async_write for segment summary\nand super root blocks that share buffers with the backing device.  This\nled to the possibility that the BUG_ON check in end_buffer_async_write\nwould fail as described above, if independent writebacks of the backing\ndevice occurred in parallel.\n\nThe use of async_write for segment summary buffers has already been\nremoved in a previous change.\n\nFix this issue by removing the manipulation of the async_write flag for\nthe remaining super root block buffer."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/segment.c"],"versions":[{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"c4a09fdac625e64abe478dcf88bfa20406616928","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"d31c8721e816eff5ca6573cc487754f357c093cd","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"f3e4963566f58726d3265a727116a42b591f6596","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"8fa90634ec3e9cc50f42dd605eec60f2d146ced8","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"6589f0f72f8edd1fa11adce4eedbd3615f2e78ab","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"2c3bdba00283a6c7a5b19481a59a730f46063803","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"626daab3811b772086aef1bf8eed3ffe6f523eff","status":"affected","versionType":"git"},{"version":"7f42ec3941560f0902fe3671e36f2c20ffd3af0a","lessThan":"5bc09b397cbf1221f8a8aacb1152650c9195b02b","status":"affected","versionType":"git"},{"version":"ccebcc74c81d8399c7b204aea47c1f33b09c2b17","status":"affected","versionType":"git"},{"version":"831c87640d23ccb253a02e4901bd9a325b5e8c2d","status":"affected","versionType":"git"},{"version":"d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5","status":"affected","versionType":"git"},{"version":"8f67918af09fc0ffd426a9b6f87697976d3fbc7b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/segment.c"],"versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","status":"unaffected","versionType":"semver"},{"version":"4.19.307","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.269","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.79","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.18","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.6","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.19.307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.4.269"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"6.1.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"6.6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"6.7.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"6.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.52"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928"},{"url":"https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd"},{"url":"https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596"},{"url":"https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8"},{"url":"https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab"},{"url":"https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803"},{"url":"https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff"},{"url":"https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b"}],"title":"nilfs2: fix potential bug in end_buffer_async_write","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-04-03T18:35:50.019246Z","id":"CVE-2024-26685","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T14:55:46.383Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:12.823Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}