CVE-2024-49877

Summary

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc < 190d98bcd61117a78fe185222d162180f061a6caaffected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < e68c8323355e8cedfbe0bec7d5a39009f61640b6affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < 61b84013e560382cbe7dd56758be3154d43a3988affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < df944dc46d06af65a75191183d52be017e6b9dbeaffected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < 01cb2e751cc61ade454c9bc1aaa2eac1f8197112affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < d52c5652e7dcb7a0648bbb8642cc3e617070ab49affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < 46b1edf0536a5291a8ad2337f88c926214b209d9affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < 4846e72ab5a0726e49ad4188b9d9df091ae78c64affected
LinuxLinuxcf76c78595ca87548ca5e45c862ac9e0949c4687 < 33b525cef4cff49e216e4133cc48452e11c0391eaffected
LinuxLinux01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56affected
LinuxLinux65cbd1279f4b999d56a838344a30642db24cd215affected
LinuxLinux97e1db17bc1ef4c2e1789bc9323c7be44fba53f8affected
LinuxLinux4.19.87 < 4.19.323affected
LinuxLinux4.4.204 < 4.5affected
LinuxLinux4.9.204 < 4.10affected
LinuxLinux4.14.157 < 4.15affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References