medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-49957: ocfs2: fix null-ptr-deref when journal load failed.

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux kernel>=2.6.32<5.10.227
Linux kernel>=5.11<5.15.168
Linux kernel>=5.16<6.1.113
Linux kernel>=6.2<6.6.55
Linux kernel>=6.7<6.10.14
Linux kernel>=6.11<6.11.3
Linux Kernel>=2.6.32<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962

Remedy

https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a

Remedy

https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f

Remedy

https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b

Remedy

https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649

Remedy

https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120

Remedy

https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-49957?

    CVE-2024-49957 has a moderate severity rating due to the potential for a null pointer dereference.

  • How do I fix CVE-2024-49957?

    To fix CVE-2024-49957, update your Linux kernel to version 6.1.123-1, 6.1.119-1, or any later version that addresses the vulnerability.

  • What systems are affected by CVE-2024-49957?

    CVE-2024-49957 affects various versions of the Linux kernel including versions between 2.6.32 and 6.10.14.

  • What is the impact of CVE-2024-49957?

    The impact of CVE-2024-49957 includes potential system crashes due to null pointer dereferences during journal loading.

  • Does CVE-2024-49957 require user interaction to exploit?

    CVE-2024-49957 does not require user interaction to exploit, as it can occur automatically during the mounting process.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203