We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-49957

ocfs2: fix null-ptr-deref when journal load failed.



Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.

Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

f6f50e28f0cb before fd89d92c1140
affected

f6f50e28f0cb before 703b2c7e0798
affected

f6f50e28f0cb before bf605ae98dab
affected

f6f50e28f0cb before ff55291fb367
affected

f6f50e28f0cb before 82dfdd1e31e7
affected

f6f50e28f0cb before 86a89e75e9e4
affected

f6f50e28f0cb before f60e94a83db7
affected

f6f50e28f0cb before 387bf565cc03
affected

f6f50e28f0cb before 5784d9fcfd43
affected

Default status
affected

2.6.32
affected

Any version before 2.6.32
unaffected

4.19.323
unaffected

5.4.285
unaffected

5.10.227
unaffected

5.15.168
unaffected

6.1.113
unaffected

6.6.55
unaffected

6.10.14
unaffected

6.11.3
unaffected

6.12
unaffected

References

git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123

git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f

git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649

git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05

git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f

git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b

git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120

git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962

git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a

cve.org (CVE-2024-49957)

nvd.nist.gov (CVE-2024-49957)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-49957

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.