CVE-2024-47699
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 21/10/2024
Last modified: 08/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

Patch series "nilfs2: fix potential issues with empty b-tree nodes".

This series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.

This patch (of 3):

If a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().

This is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.

Fix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.

Thanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.
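The inconsistency described in the commit message above, as a simplified user-space C model (an added example, not nilfs2 source and not part of the advisory). The `model_*` names, the struct layout, the level limit and the return codes are assumptions made for illustration.

```c
/* Simplified user-space model of the empty-root inconsistency.
 * All names and constants are illustrative; this is not nilfs2 source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_LEVEL 4            /* constructed limit for this model */

struct model_root { int level; int nchildren; };   /* as read from the device */
struct model_path { const int *bp_bh; };           /* NULL until lookup sets it */
static const int model_buf = 0;      /* stands in for a node's block buffer */

/* Lookup: with an empty root there is nothing to descend into, so no
 * path[x].bp_bh is set and every entry keeps its initial NULL. */
static void model_lookup(const struct model_root *r, struct model_path *path)
{
    for (int l = 0; l < MODEL_MAX_LEVEL; l++)
        path[l].bp_bh = NULL;
    if (r->nchildren == 0)
        return;
    for (int l = r->level - 1; l >= 1; l--)
        path[l].bp_bh = &model_buf;
}

/* Root sanity check. The level range test is always applied; with_fix adds
 * the rule that an empty root is only valid at the lowest node level (1). */
static bool model_root_broken(const struct model_root *r, bool with_fix)
{
    if (r->level < 1 || r->level >= MODEL_MAX_LEVEL)
        return true;
    return with_fix && r->nchildren == 0 && r->level > 1;
}

/* 0 = insert proceeds, -1 = rejected as corrupt, -2 = NULL bp_bh reached */
static int model_insert(const struct model_root *r, bool with_fix)
{
    struct model_path path[MODEL_MAX_LEVEL];
    if (model_root_broken(r, with_fix))
        return -1;
    model_lookup(r, path);
    /* A root level above 1 makes insert preparation read path[1].bp_bh. */
    return (r->level > 1 && path[1].bp_bh == NULL) ? -2 : 0;
}

int main(void)
{
    struct model_root bad = { 2, 0 };   /* constructed: height 3, empty root */
    printf("without check: %d, with check: %d\n",
           model_insert(&bad, false), model_insert(&bad, true));
    return 0;
}
```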
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.30 (including) | 5.10.227 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.168 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.113 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.54 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.13 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343
- https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34
- https://git.kernel.org/stable/c/24bf40740a3da6b4056721da34997ae6938f3da1
- https://git.kernel.org/stable/c/2b78e9df10fb7f4e9d3d7a18417dd72fbbc1dfd0
- https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b
- https://git.kernel.org/stable/c/73d23ecf234b7a6d47fb883f2dabe10e3230b31d
- https://git.kernel.org/stable/c/9403001ad65ae4f4c5de368bdda3a0636b51d51a
- https://git.kernel.org/stable/c/db73500d3f0e558eb642aae1d4782e7726b4a03f
- https://git.kernel.org/stable/c/f68523e0f26faade18833fbef577a4295d8e2c94