{
    "dataType": "CVE_RECORD",
    "cveMetadata": {
        "cveId": "CVE-2024-35807",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-17T12:19:12.342Z",
        "datePublished": "2024-05-17T13:23:14.869Z",
        "dateUpdated": "2024-08-02T03:21:47.537Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:29:20.409Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n  dev=/dev/<some_dev> # should be >= 16 GiB\n  mkdir -p /corruption\n  /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n  mount -t ext4 $dev /corruption\n\n  dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n  sha1sum /corruption/test\n  # 79d2658b39dcfd77274e435b0934028adafaab11  /corruption/test\n\n  /sbin/resize2fs $dev $((2*2**21))\n  # drop page cache to force reload the block from disk\n  echo 1 > /proc/sys/vm/drop_caches\n\n  sha1sum /corruption/test\n  # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3  /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group's block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "fs/ext4/resize.c"
                    ],
                    "versions": [
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "75cc31c2e719",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "ee4e9c197614",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "e8e8b1973172",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "239c669edb2b",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "fb1088d51bba",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "37b6a3ba793b",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "b461910af8ba",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "722d2c01b8b1",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "01f795f9e0d6",
                            "lessThan": "a6b3bfe176e8",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "fs/ext4/resize.c"
                    ],
                    "versions": [
                        {
                            "version": "3.7",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "3.7",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.312",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.274",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.215",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.154",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.1.84",
                            "lessThanOrEqual": "6.1.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.24",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.7.12",
                            "lessThanOrEqual": "6.7.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.8.3",
                            "lessThanOrEqual": "6.8.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.9",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"
                },
                {
                    "url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"
                },
                {
                    "url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"
                },
                {
                    "url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"
                },
                {
                    "url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"
                },
                {
                    "url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"
                },
                {
                    "url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"
                },
                {
                    "url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"
                },
                {
                    "url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"
                },
                {
                    "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
                },
                {
                    "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
                }
            ],
            "title": "ext4: fix corruption during on-line resize",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-12T15:25:51.499528Z",
                                "id": "CVE-2024-35807",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-12T15:26:07.895Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T03:21:47.537Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    },
    "dataVersion": "5.1"
}