CVE-2024-50230

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare block writes, may fail the BUG_ON check for accesses exceeding the folio/page size, triggering a kernel bug. This was found to be because the "checked" flag of a page/folio was not cleared when it was discarded by nilfs2's own routine, which causes the sanity check of directory entries to be skipped when the directory page/folio is reloaded. So, fix that. This was necessary when the use of nilfs2's own page discard routine was applied to more than just metadata files.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa	Patch
https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e	Patch
https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971	Patch
https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d	Patch
https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89	Patch
https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752	Patch
https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248	Patch
https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::

History

13 Nov 2024, 18:31

Type	Values Removed	Values Added
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa -~~	() https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa - Patch
References	~~() https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e -~~	() https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e - Patch
References	~~() https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971 -~~	() https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971 - Patch
References	~~() https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d -~~	() https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d - Patch
References	~~() https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89 -~~	() https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89 - Patch
References	~~() https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752 -~~	() https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752 - Patch
References	~~() https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248 -~~	() https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248 - Patch
References	~~() https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68 -~~	() https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68 - Patch
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::

12 Nov 2024, 13:56

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador marcado Syzbot informó que en las operaciones de directorio después de que nilfs2 detecta corrupción del sistema de archivos y se degrada a solo lectura, __block_write_begin_int(), que se llama para preparar escrituras en bloque, puede fallar la verificación BUG_ON para accesos que excedan el tamaño de folio/página, lo que desencadena un error del kernel. Se descubrió que esto se debía a que el indicador "marcado" de una página/folio no se borraba cuando era descartado por la propia rutina de nilfs2, lo que hace que se omita la verificación de cordura de las entradas del directorio cuando se vuelve a cargar la página/folio del directorio. Entonces, arreglen eso. Esto era necesario cuando el uso de la propia rutina de descarte de página de nilfs2 se aplicaba a más que solo archivos de metadatos.

09 Nov 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-09 11:15

Updated : 2024-11-13 18:31

NVD link : CVE-2024-50230

Mitre link : CVE-2024-50230

CVE.ORG link : CVE-2024-50230

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

7.8 /10