CVE-2024-44939

Summary

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix null ptr deref in dtInsertEntry

[syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 … [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the previously true judgment "p->header.flag & BT-LEAF" to change to no after writing the name operation, this leads to entering an incorrect branch and accessing the uninitialized object ih when judging this condition for the second time.

[Fix] After got the page, check freelist first, if freelist == 0 then exit dtInsert() and return -EINVAL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f98bf80b20f4a930589cda48a35f751a64fe0dc2affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 53023ab11836ac56fd75f7a71ec1356e50920fa9affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6ea10dbb1e6c58384136e9adfd75f81951e423f6affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9c2ac38530d1a3ee558834dfa16c85a40fd0e702affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ce6dede912f064a855acf6f04a04cbb2c25b8c8caffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.15.189 <= 5.15.*unaffected
LinuxLinux6.1.107 <= 6.1.*unaffected
LinuxLinux6.6.47 <= 6.6.*unaffected
LinuxLinux6.10.6 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References