CVE-2024-47699

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 21/10/2024
Last modified: 08/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

Patch series "nilfs2: fix potential issues with empty b-tree nodes".

This series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.

This patch (of 3):

If a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().

This is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.

Fix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.

Thanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.
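The inconsistency described above, as an added user-space model in C (not the kernel's code and not part of the original advisory). It compares a root sanity check without and with the empty-root rule. All model_* names, the limits, and the assumed pre-fix range checks are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model only: names and limits are assumptions, not kernel definitions. */
#define MODEL_LEVEL_NODE_MIN 1       /* lowest node level; level 0 holds data */
#define MODEL_LEVEL_MAX 14
#define MODEL_ROOT_NCHILDREN_MAX 7

struct model_root { int level; int nchildren; };  /* fields read from the device */
struct model_path { const void *bp_bh; };         /* stays NULL unless lookup sets it */
enum outcome { OK, REJECTED, NULL_DEREF };

/* Assumed pre-fix sanity check: range checks on level and child count only. */
static int root_broken_before(const struct model_root *r)
{
    return r->level < MODEL_LEVEL_NODE_MIN || r->level >= MODEL_LEVEL_MAX ||
           r->nchildren < 0 || r->nchildren > MODEL_ROOT_NCHILDREN_MAX;
}

/* With the added rule: a root with no children is only consistent at level 1. */
static int root_broken_after(const struct model_root *r)
{
    return root_broken_before(r) ||
           (r->nchildren == 0 && r->level > MODEL_LEVEL_NODE_MIN);
}

/* Lookup fills path[x].bp_bh only when the root has children; insert then
 * consults every non-root level below the root. Reports 1 on a NULL bp_bh. */
static int insert_hits_null(const struct model_root *r)
{
    static const char block = 0;  /* stand-in for a block buffer head */
    struct model_path path[MODEL_LEVEL_MAX] = {{NULL}};
    for (int l = MODEL_LEVEL_NODE_MIN; r->nchildren > 0 && l < r->level; l++)
        path[l].bp_bh = &block;
    for (int l = MODEL_LEVEL_NODE_MIN; l < r->level; l++)
        if (path[l].bp_bh == NULL)
            return 1;
    return 0;
}

static enum outcome read_root_then_insert(const struct model_root *r, int patched)
{
    if (patched ? root_broken_after(r) : root_broken_before(r))
        return REJECTED;  /* corrupted root is refused before any insert runs */
    return insert_hits_null(r) ? NULL_DEREF : OK;
}

int main(void)
{
    struct model_root bad = { 3, 0 };  /* constructed: level 3 root, zero children */
    printf("unpatched=%d patched=%d\n", read_root_then_insert(&bad, 0),
           read_root_then_insert(&bad, 1));
    return 0;
}
```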

Vulnerable products and versions

CPE                                            From                Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   2.6.30 (including)  5.10.227 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)    5.15.168 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)    6.1.113 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)     6.6.54 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)     6.10.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.11 (including)    6.11.2 (excluding)