CVE-2024-46701: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-46701) was discovered in the libfs component that could lead to infinite directory reads for offset directories. The issue was identified when tmpfs directory operations were switched from simplediroperations to simpleoffsetdir_operations. The vulnerability affects Linux kernel versions from 6.6 up to (excluding) 6.10.7, and version 6.11 release candidates (rc1, rc2, rc3) (NVD).

The vulnerability occurs when rename operations fill new dentry entries to the destination directory's maple tree with a free key starting with octx->newxoffset, followed by incrementing newxoffset. This can result in infinite readdir operations when combined with simultaneous rename operations. The issue manifests when creating multiple files under one directory, calling readdir once to get an entry, and then performing rename operations in a loop. The CVSS v3.1 base score is 5.5 (MEDIUM) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause a denial of service condition through infinite directory reads, potentially affecting system stability and performance. This is particularly evident in scenarios involving directory operations with multiple file renames (Kernel Patch).

The issue has been fixed by implementing the same logic used in the btrfs fix for infinite directory reads. The solution involves recording the lastindex when opening a directory and preventing the emission of entries with an index greater than or equal to lastindex. The fix updates the last_index during directory seek operations when the offset is zero (Kernel Patch).