{"id":"CVE-2024-26848","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context.  This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lockup:\n\n        watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n        ...\n        RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n        ...\n         ? watchdog_timer_fn+0x1a6/0x213\n        ...\n         ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n         ? afs_dir_iterate_block+0x39/0x1fd\n         afs_dir_iterate+0x10a/0x148\n         afs_readdir+0x30/0x4a\n         iterate_dir+0x93/0xd3\n         __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n        
https://bugzilla.kernel.org/show_bug.cgi?id=218496","modified":"2024-12-19T21:56:38.742098Z","published":"2024-04-17T11:15:08Z","withdrawn":"2024-12-19T21:56:38.742098Z","related":["SUSE-SU-2024:1490-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1","SUSE-SU-2024:2135-1"],"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470"},{"type":"WEB","url":"https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863"},{"type":"WEB","url":"https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2024-26848"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.216-1"}]}],"versions":["5.10.103-1","5.10.103-1~bpo10+1","5.10.106-1","5.10.113-1","5.10.120-1","5.10.12
0-1~bpo10+1","5.10.127-1","5.10.127-2","5.10.127-2~bpo10+1","5.10.136-1","5.10.140-1","5.10.148-1","5.10.149-1","5.10.149-2","5.10.158-1","5.10.158-2","5.10.162-1","5.10.178-1","5.10.178-2","5.10.178-3","5.10.179-1","5.10.179-2","5.10.179-3","5.10.179-4","5.10.179-5","5.10.191-1","5.10.197-1","5.10.205-1","5.10.205-2","5.10.209-1","5.10.209-2","5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1","5.10.84-1","5.10.92-1","5.10.92-1~bpo10+1","5.10.92-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26848.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.85-1"}]}],"versions":["6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1","6.1.64-1","6.1.66-1","6.1.67-1","6.1.69-1","6.1.69-1~bpo11+1","6.1.76-1","6.1.76-1~bpo11+1","6.1.82-1"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26848.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.7.12-1"}]}],"versions":["6.1.106-1","6.1.106-2","6.1.106-3","6.1.112-1","6.1.115-1","6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1","6.1.64-1","6.1.66-1","6.1.67-1","6.1.69-1","6.1.69-1~bpo11+1","6.1.76-1","6.1.76-1~bpo11+1","6.1.82-1","6.1.85-1","6.1.90-1","6.1.90-1~bpo11+1","6.1.94-1","6.1.94-1~bpo11+1","6.1.98-1","6.1.99-1","6.3.1-1~exp1","6.3.11-1","6.3.2-1~exp1","6.3.4-1~exp1","6.3.5-1~exp1","6.3.7-1","6.3.7-1~bpo12+1","6.4.1-1~exp1","6.4.11-1","6.4.13-1","6.4.4-1","6.4.4-1~bpo12+1","6.4.4-2","6.4.4-3","6.4.4-3~bpo12+1","6.4~rc6-1~exp1","6.4~rc7-1~exp1","6.5.1-1~exp1","6.5.10-1","6.5.10-1~bpo12+1","6.5.13-1","6.5.3-1","6.5.3-1~bpo12+1","6.5.6-1","6.5.8-1","6.5~rc4-1~exp1","6.5~rc6-1~exp1","6.5~rc7-1~exp1","6.6.11-1","6.6.13-1","6.6.13-1~bpo12+1","6.6.15-1","6.6.15-2","6.6.3-1~exp1","6.6.4-1~exp1","6.6.7-1~exp1","6.6.8-1","6.6.9-1","6.7-1~exp1","6.7.1-1~exp1","6.7.12-1~bpo12+1","6.7.4-1~exp1","6.7.7-1","6.7.9-1","6.7.9-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26848.json"}}],"schema_version":"1.7.3"}