CVE-2024-50230
Vulnerability from cvelistv5
Published
2024-11-09 10:14
Modified
2024-12-19 09:35
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare block writes, may fail the BUG_ON check for accesses exceeding the folio/page size, triggering a kernel bug. This was found to be because the "checked" flag of a page/folio was not cleared when it was discarded by nilfs2's own routine, which causes the sanity check of directory entries to be skipped when the directory page/folio is reloaded. So, fix that. This was necessary when the use of nilfs2's own page discard routine was applied to more than just metadata files.
Impacted products
Vendor Product Version
Linux Linux Version: 3.10
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "994b2fa13a6c9cf3feca93090a9c337d48e3d60d",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "64afad73e4623308d8943645e5631f2c7a2d7971",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "f05dbebb8ee34882505d53d83af7d18f28a49248",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "cd0cdb51b15203fa27d4b714be83b7dfffa0b752",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "f2f1fa446676c21edb777e6d2bc4fa8f956fab68",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            },
            {
              "lessThan": "41e192ad2779cae0102879612dfe46726e4396aa",
              "status": "affected",
              "version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.171",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.116",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded.  So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:35:58.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d"
        },
        {
          "url": "https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89"
        },
        {
          "url": "https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68"
        },
        {
          "url": "https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e"
        },
        {
          "url": "https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa"
        }
      ],
      "title": "nilfs2: fix kernel bug due to missing clearing of checked flag",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50230",
    "datePublished": "2024-11-09T10:14:40.576Z",
    "dateReserved": "2024-10-21T19:36:19.973Z",
    "dateUpdated": "2024-12-19T09:35:58.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50230\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-09T11:15:08.973\",\"lastModified\":\"2024-11-13T18:31:09.340\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnilfs2: fix kernel bug due to missing clearing of checked flag\\n\\nSyzbot reported that in directory operations after nilfs2 detects\\nfilesystem corruption and degrades to read-only,\\n__block_write_begin_int(), which is called to prepare block writes, may\\nfail the BUG_ON check for accesses exceeding the folio/page size,\\ntriggering a kernel bug.\\n\\nThis was found to be because the \\\"checked\\\" flag of a page/folio was not\\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\\nsanity check of directory entries to be skipped when the directory\\npage/folio is reloaded.  So, fix that.\\n\\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\\napplied to more than just metadata files.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador marcado Syzbot inform\u00f3 que en las operaciones de directorio despu\u00e9s de que nilfs2 detecta corrupci\u00f3n del sistema de archivos y se degrada a solo lectura, __block_write_begin_int(), que se llama para preparar escrituras en bloque, puede fallar la verificaci\u00f3n BUG_ON para accesos que excedan el tama\u00f1o de folio/p\u00e1gina, lo que desencadena un error del kernel. Se descubri\u00f3 que esto se deb\u00eda a que el indicador \\\"marcado\\\" de una p\u00e1gina/folio no se borraba cuando era descartado por la propia rutina de nilfs2, lo que hace que se omita la verificaci\u00f3n de cordura de las entradas del directorio cuando se vuelve a cargar la p\u00e1gina/folio del directorio. Entonces, arreglen eso. Esto era necesario cuando el uso de la propia rutina de descarte de p\u00e1gina de nilfs2 se aplicaba a m\u00e1s que solo archivos de metadatos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.10\",\"versionEndExcluding\":\"4.19.323\",\"matchCriteriaId\":\"4275189E-11C2-4607-92FC-0606E12A465F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.285\",\"matchCriteriaId\":\"B5A89369-320F-47FC-8695-56F61F87E4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.229\",\"matchCriteriaId\":\"1A03CABE-9B43-4E7F-951F-10DEEADAA426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.171\",\"matchCriteriaId\":\"2BE18665-48ED-417A-90AA-41F3AC0B4E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.116\",\"matchCriteriaId\":\"43EFDC15-E4D4-4F1E-B70D-62F0854BFDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.60\",\"matchCriteriaId\":\"75088E5E-2400-4D20-915F-7A65C55D9CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.7\",\"matchCriteriaId\":\"E96F53A4-5E87-4A70-BD9A-BC327828D57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.