CVE-2024-50088
Severity CVSS v4.0:
Pending analysis
Type:
CWE-824
Access of Uninitialized Pointer
Publication date:
29/10/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix uninitialized pointer free in add_inode_ref()

The add_inode_ref() function does not initialize the "name" struct when
it is declared. If any of the following calls to "read_one_inode()"
returns NULL,

    dir = read_one_inode(root, parent_objectid);
    if (!dir) {
        ret = -ENOENT;
        goto out;
    }

    inode = read_one_inode(root, inode_objectid);
    if (!inode) {
        ret = -EIO;
        goto out;
    }

then "name.name" would be freed on "out" before being initialized.

    out:
        ...
        kfree(name.name);

This issue was reported by Coverity with CID 1526744.
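
The early-exit pattern described above, as an added userspace C model (not the kernel's code and not the upstream patch). `name_str`, `model_kfree`, `add_ref_model` and the 0xA5 fill that stands in for leftover stack bytes are assumptions made for illustration; zero-initializing the struct is shown as one way to make the shared cleanup label safe.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the "name" struct; hypothetical, not the kernel definition. */
struct name_str { char *name; size_t len; };

static void *live_alloc;   /* the only pointer this model legitimately owns */
static void *last_freed;   /* value most recently passed to model_kfree()   */
static int bad_free;       /* set when cleanup is handed a pointer we never allocated */

/* Models kfree(): NULL is a no-op, owned memory is released, anything else is recorded. */
static void model_kfree(void *p)
{
    last_freed = p;
    if (p == NULL)
        return;
    if (p != live_alloc) {
        bad_free = 1;      /* in the kernel this would be a free of a garbage address */
        return;
    }
    free(p);
    live_alloc = NULL;
}

/* lookup_fails models read_one_inode() returning NULL.
 * zero_init selects the hardened declaration (struct zeroed before first use). */
static int add_ref_model(int lookup_fails, int zero_init)
{
    struct name_str name;
    int ret = 0;

    bad_free = 0;
    /* 0xA5 simulates whatever bytes happen to be on the stack (constructed value). */
    memset(&name, zero_init ? 0 : 0xA5, sizeof(name));

    if (lookup_fails) {
        ret = -ENOENT;
        goto out;          /* leaves before name.name is ever assigned */
    }

    name.name = live_alloc = malloc(16);
    name.len = 16;
out:
    model_kfree(name.name); /* shared cleanup runs on every path */
    return ret;
}
```
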
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.57 (including) | 6.1.114 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.58 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/12cf028381aa19bc38465341512c280256e8d82d
- https://git.kernel.org/stable/c/66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4
- https://git.kernel.org/stable/c/a941f3d5b1469c60a7e70e775584f110b47e0d16
- https://git.kernel.org/stable/c/e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



