medium
5.5
CWE
908
Advisory Published
Updated

CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x66/0x90 register_lock_class+0x759/0x7d0 __lock_acquire+0x85/0x2630 ? __find_get_block+0xb4/0x380 lock_acquire+0xd1/0x2d0 ? __ext4_journal_get_write_access+0xd5/0x160 _raw_spin_lock+0x33/0x40 ? __ext4_journal_get_write_access+0xd5/0x160 __ext4_journal_get_write_access+0xd5/0x160 ext4_reserve_inode_write+0x61/0xb0 __ext4_mark_inode_dirty+0x79/0x270 ? ext4_ext_replay_set_iblocks+0x2f8/0x450 ext4_ext_replay_set_iblocks+0x330/0x450 ext4_fc_replay+0x14c8/0x1540 ? jread+0x88/0x2e0 ? rcu_is_watching+0x11/0x40 do_one_pass+0x447/0xd00 jbd2_journal_recover+0x139/0x1b0 jbd2_journal_load+0x96/0x390 ext4_load_and_init_journal+0x253/0xd40 ext4_fill_super+0x2cc6/0x3180 ... In the replay path there's an attempt to lock sbi->s_bdev_wb_lock in function ext4_check_bdev_write_error(). Unfortunately, at this point this spinlock has not been initialized yet. Moving it's initialization to an earlier point in __ext4_fill_super() fixes this splat.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1<=5.10.234-1
6.1.129-1
6.1.128-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/23dfdb56581ad92a9967bcd720c8c23356af74c1

Remedy

https://git.kernel.org/stable/c/b002031d585a14eed511117dda8c6452a804d508

Remedy

https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50014?

    CVE-2024-50014 is classified as a moderate severity vulnerability in the Linux kernel.

  • How do I fix CVE-2024-50014?

    To address CVE-2024-50014, upgrade to the latest kernel versions such as 6.1.128-1 or 6.12.15-1.

  • Which versions of the Linux kernel are affected by CVE-2024-50014?

    CVE-2024-50014 affects Linux kernel versions prior to 6.10.14 and those between 6.11 and 6.11.3.

  • What systems are impacted by CVE-2024-50014?

    Systems running Debian or other Linux distributions with vulnerable kernel versions are impacted by CVE-2024-50014.

  • What exploits are associated with CVE-2024-50014?

    CVE-2024-50014 can potentially lead to denial of service or security issues when exploiting the uninitialized lock in the ext4 filesystem.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203