CVE-2024-49957
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed.
During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error.
To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < fd89d92c1140cee8f59de336cb37fa65e359c123 | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < 703b2c7e0798d263154dc8593dc2345f75dc077f | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < bf605ae98dab5c15c5b631d4d7f88898cb41b649 | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < ff55291fb36779819211b596da703389135f5b05 | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < 82dfdd1e31e774578f76ce6dc90c834f96403a0f | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < 86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < f60e94a83db799bde625ac8671a5b4a6354e7120 | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < 387bf565cc03e2e8c720b8b4798efea4aacb6962 | affected |
| Linux | Linux | f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 < 5784d9fcfd43bd853654bb80c87ef293b9e8e80a | affected |
| Linux | Linux | 2.6.32 | affected |
| Linux | Linux | 0 < 2.6.32 | unaffected |
| Linux | Linux | 4.19.323 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
References
- https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123
- https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f
- https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649
- https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05
- https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f
- https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b
- https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120
- https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962
- https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.