CVE-2024-50230
Vulnerability from cvelistv5
Published
2024-11-09 10:14
Modified
2024-12-19 09:35
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of checked flag
Syzbot reported that in directory operations after nilfs2 detects
filesystem corruption and degrades to read-only,
__block_write_begin_int(), which is called to prepare block writes, may
fail the BUG_ON check for accesses exceeding the folio/page size,
triggering a kernel bug.
This was found to be because the "checked" flag of a page/folio was not
cleared when it was discarded by nilfs2's own routine, which causes the
sanity check of directory entries to be skipped when the directory
page/folio is reloaded. So, fix that.
This was necessary when the use of nilfs2's own page discard routine was
applied to more than just metadata files.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c Version: 8c26c4e2694a163d525976e804d81cd955bbb40c |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/page.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "994b2fa13a6c9cf3feca93090a9c337d48e3d60d", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "64afad73e4623308d8943645e5631f2c7a2d7971", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "f05dbebb8ee34882505d53d83af7d18f28a49248", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "cd0cdb51b15203fa27d4b714be83b7dfffa0b752", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "f2f1fa446676c21edb777e6d2bc4fa8f956fab68", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" }, { "lessThan": "41e192ad2779cae0102879612dfe46726e4396aa", "status": "affected", "version": "8c26c4e2694a163d525976e804d81cd955bbb40c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/page.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.10" }, { "lessThan": "3.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.171", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.116", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.60", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:35:58.179Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d" }, { "url": "https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971" }, { "url": "https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89" }, { "url": "https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248" }, { "url": "https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752" }, { "url": "https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68" }, { "url": "https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e" }, { "url": "https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa" } ], "title": "nilfs2: fix kernel bug due to missing clearing of checked flag", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50230", "datePublished": "2024-11-09T10:14:40.576Z", "dateReserved": "2024-10-21T19:36:19.973Z", "dateUpdated": "2024-12-19T09:35:58.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50230\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-09T11:15:08.973\",\"lastModified\":\"2024-11-13T18:31:09.340\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnilfs2: fix kernel bug due to missing clearing of checked flag\\n\\nSyzbot reported that in directory operations after nilfs2 detects\\nfilesystem corruption and degrades to read-only,\\n__block_write_begin_int(), which is called to prepare block writes, may\\nfail the BUG_ON check for accesses exceeding the folio/page size,\\ntriggering a kernel bug.\\n\\nThis was found to be because the \\\"checked\\\" flag of a page/folio was not\\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\\nsanity check of directory entries to be skipped when the directory\\npage/folio is reloaded. So, fix that.\\n\\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\\napplied to more than just metadata files.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador marcado Syzbot inform\u00f3 que en las operaciones de directorio despu\u00e9s de que nilfs2 detecta corrupci\u00f3n del sistema de archivos y se degrada a solo lectura, __block_write_begin_int(), que se llama para preparar escrituras en bloque, puede fallar la verificaci\u00f3n BUG_ON para accesos que excedan el tama\u00f1o de folio/p\u00e1gina, lo que desencadena un error del kernel. Se descubri\u00f3 que esto se deb\u00eda a que el indicador \\\"marcado\\\" de una p\u00e1gina/folio no se borraba cuando era descartado por la propia rutina de nilfs2, lo que hace que se omita la verificaci\u00f3n de cordura de las entradas del directorio cuando se vuelve a cargar la p\u00e1gina/folio del directorio. Entonces, arreglen eso. Esto era necesario cuando el uso de la propia rutina de descarte de p\u00e1gina de nilfs2 se aplicaba a m\u00e1s que solo archivos de metadatos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.10\",\"versionEndExcluding\":\"4.19.323\",\"matchCriteriaId\":\"4275189E-11C2-4607-92FC-0606E12A465F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.285\",\"matchCriteriaId\":\"B5A89369-320F-47FC-8695-56F61F87E4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.229\",\"matchCriteriaId\":\"1A03CABE-9B43-4E7F-951F-10DEEADAA426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.171\",\"matchCriteriaId\":\"2BE18665-48ED-417A-90AA-41F3AC0B4E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.116\",\"matchCriteriaId\":\"43EFDC15-E4D4-4F1E-B70D-62F0854BFDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.60\",\"matchCriteriaId\":\"75088E5E-2400-4D20-915F-7A65C55D9CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.7\",\"matchCriteriaId\":\"E96F53A4-5E87-4A70-BD9A-BC327828D57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.