CVE-2024-50202

Nov. 19, 2024, 4:12 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.12

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.12 rc1 / / / / / /
o linux linux_kernel 6.12 rc2 / / / / / /
o linux linux_kernel 6.12 rc3 / / / / / /

References

https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989
https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a
https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475
https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81
https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39
https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3
https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-755
2024-11-08
CVE-2024-50202

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Nov. 8, 2024, 6:15 a.m.
Last Modified: Nov. 19, 2024, 4:12 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.