medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-49881: ext4: update orig_path in ext4_find_extent()

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, *orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or *ppath.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=3.18<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96

Remedy

https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1

Remedy

https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599

Remedy

https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679

Remedy

https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd

Remedy

https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42

Remedy

https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-49881?

    CVE-2024-49881 has been classified as a medium severity vulnerability in the Linux kernel.

  • Which versions of the Linux kernel are affected by CVE-2024-49881?

    CVE-2024-49881 affects Linux kernel versions from 3.18 up to 6.11.3, excluding specific patched versions.

  • How do I fix CVE-2024-49881?

    To fix CVE-2024-49881, update to the latest patched version of the Linux kernel as listed in your distribution's repository.

  • What type of vulnerability is CVE-2024-49881?

    CVE-2024-49881 is related to a flaw in the ext4 filesystem handling within the Linux kernel.

  • Can CVE-2024-49881 be exploited remotely?

    CVE-2024-49881 requires local access to the system to be exploited, making remote exploitation unlikely.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203