ghsa-m4g4-rwxc-376v
Vulnerability from github
Published
2024-11-09 12:30
Modified
2024-11-13 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug due to missing clearing of checked flag

Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare block writes, may fail the BUG_ON check for accesses exceeding the folio/page size, triggering a kernel bug.

This was found to be because the "checked" flag of a page/folio was not cleared when it was discarded by nilfs2's own routine, which causes the sanity check of directory entries to be skipped when the directory page/folio is reloaded. So, fix that.

This was necessary when the use of nilfs2's own page discard routine was applied to more than just metadata files.

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2024-50230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-09T11:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded.  So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files.",
  "id": "GHSA-m4g4-rwxc-376v",
  "modified": "2024-11-13T18:31:53Z",
  "published": "2024-11-09T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50230"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.