{"id":"CVE-2024-27058","summary":"tmpfs: fix race on handling dquot rbtree","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntmpfs: fix race on handling dquot rbtree\n\nA syzkaller reproducer found a race while attempting to remove dquot\ninformation from the rb tree.\n\nFetching the rb_tree root node must also be protected by the\ndqopt-\u003edqio_sem, otherwise, giving the right timing, shmem_release_dquot()\nwill trigger a warning because it couldn't find a node in the tree, when\nthe real reason was the root node changing before the search starts:\n\nThread 1\t\t\t\tThread 2\n- shmem_release_dquot()\t\t\t- shmem_{acquire,release}_dquot()\n\n- fetch ROOT\t\t\t\t- Fetch ROOT\n\n\t\t\t\t\t- acquire dqio_sem\n- wait dqio_sem\n\n\t\t\t\t\t- do something, triger a tree rebalance\n\t\t\t\t\t- release dqio_sem\n\n- acquire dqio_sem\n- start searching for the node, but\n  from the wrong location, missing\n  the node, and triggering a warning.","modified":"2026-04-02T10:07:00.186875Z","published":"2024-05-01T13:00:06.852Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27058.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0a69b6b3a026543bc215ccc866d0aea5579e6ce2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c7077f43f30d817d10a9f8245e51576ac114b2f0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f82f184874d2761ebaa60dccf577921a0dbb3810"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27058.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27058"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"eafc474e202978ac735c551d5ee1eb8c02e2be54"},{"fixed":"c7077f43f30d817d10a9f8245e51576ac114b2f0"},{"fixed":"617d55b90e73c7b4aa2733ca6cc3f9b72d1124bb"},{"fixed":"f82f184874d2761ebaa60dccf577921a0dbb3810"},{"fixed":"0a69b6b3a026543bc215ccc866d0aea5579e6ce2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27058.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}]}