We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-50218

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow



Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.

Reserved 2024-10-21 | Published 2024-11-09 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

1afc32b95233 before 27d95867bee8
affected

1afc32b95233 before 95fbed8ae8c3
affected

1afc32b95233 before 70767689ec6e
affected

1afc32b95233 before ecd62f684386
affected

1afc32b95233 before 2fe5d62e122b
affected

1afc32b95233 before 88f97a4b5843
affected

1afc32b95233 before 0b6b8c205578
affected

1afc32b95233 before bc0a2f3a73fc
affected

Default status
affected

2.6.24
affected

Any version before 2.6.24
unaffected

4.19.323
unaffected

5.4.285
unaffected

5.10.229
unaffected

5.15.171
unaffected

6.1.116
unaffected

6.6.60
unaffected

6.11.7
unaffected

6.12
unaffected

References

git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035

git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f

git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486

git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2

git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc

git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473

git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f

git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0

cve.org (CVE-2024-50218)

nvd.nist.gov (CVE-2024-50218)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-50218

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.