
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's Virtual File System (VFS) subsystem is tracked as CVE-2024-45003. It affects inode reclaim: on certain filesystems (e.g., ext4 with the ea_inode feature, ubifs with xattr), an inode lookup performed in the inode LRU traversal context can deadlock (NVD).
The vulnerability stems from the inode reclaim path in the prune_icache_sb function, which marks reclaimable inodes with the I_FREEING flag. Other processes that then try to access these inodes through find_inode_fast can become stuck. The issue manifests in two scenarios: 1) in ext4_evict_inode when the ea_inode feature is enabled, causing an AA deadlock, and 2) in ubifs_jnl_write_inode when handling xattr, leading to an ABBA deadlock due to mutex locking conflicts (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 4.7 (Medium) with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The vulnerability can result in system deadlocks when specific filesystem operations involving extended attributes are performed. This primarily affects system availability, as the deadlock condition can prevent normal filesystem operations from completing (NVD).
The issue has been fixed by introducing a new inode state flag, I_LRU_ISOLATING, which pins the inode in memory while inode_lru_isolate() reclaims its pages, instead of taking an ordinary inode reference. This prevents inode deletion from being triggered during the LRU isolation process. The fix has been implemented in various kernel versions through patches (Kernel Patch).
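To find hosts that run one of the two filesystem configurations named above, the following added example (not part of the advisory or the kernel patch) walks a mounts table and flags ext4 volumes with ea_inode enabled and any ubifs mount. The function names are hypothetical, and the script reports configuration only: it does not tell you whether the running kernel already carries the fix, since this page lists no fixed versions.

```shell
#!/bin/sh
# Added example: flag mounted filesystems matching the configurations
# named for CVE-2024-45003 (ext4 with ea_inode, ubifs with xattr).
# Function names are hypothetical; only tune2fs -l and /proc/mounts are real.

# Reads `tune2fs -l` output on stdin; succeeds if ea_inode is listed
# as an exact token on the "Filesystem features:" line.
has_ea_inode() {
    awk -F: '/^Filesystem features:/ {
        n = split($2, f, " ")
        for (i = 1; i <= n; i++) if (f[i] == "ea_inode") found = 1
    } END { exit (found ? 0 : 1) }'
}

# Reads a /proc/mounts-format table on stdin and prints
# "fstype device mountpoint" for the two filesystem types of interest.
candidate_mounts() {
    awk '$3 == "ext4" || $3 == "ubifs" { print $3, $1, $2 }'
}

# Audits a mounts table (default /proc/mounts). ubifs mounts are only
# marked for review because xattr use cannot be read from the mount table.
audit_mounts() {
    am_file=${1:-/proc/mounts}
    candidate_mounts < "$am_file" | while read -r am_type am_dev am_mnt; do
        case $am_type in
            ubifs)
                echo "REVIEW $am_mnt ($am_dev): ubifs, confirm whether xattrs are in use"
                ;;
            ext4)
                # stdin is redirected so tune2fs cannot consume the loop's input
                if tune2fs -l "$am_dev" 2>/dev/null </dev/null | has_ea_inode; then
                    echo "CHECK $am_mnt ($am_dev): ext4 with ea_inode enabled"
                fi
                ;;
        esac
    done
}

# Usage (root is needed for tune2fs to read the block devices):
#   audit_mounts
```

Any line it prints identifies a filesystem to prioritize when scheduling the kernel update described above.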
Source: This report was generated using AI