medium
5.5
Advisory Published
Updated

CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ext4: dax: fix overflowing extents beyond inode size when partially writing The dax_iomap_rw() does two things in each iteration: map written blocks and copy user data to blocks. If the process is killed by user(See signal handling in dax_iomap_iter()), the copied data will be returned and added on inode size, which means that the length of written extents may exceed the inode size, then fsck will fail. An example is given as: dd if=/dev/urandom of=file bs=4M count=1 dax_iomap_rw iomap_iter // round 1 ext4_iomap_begin ext4_iomap_alloc // allocate 0~2M extents(written flag) dax_iomap_iter // copy 2M data iomap_iter // round 2 iomap_iter_advance iter->pos += iter->processed // iter->pos = 2M ext4_iomap_begin ext4_iomap_alloc // allocate 2~4M extents(written flag) dax_iomap_iter fatal_signal_pending done = iter->pos - iocb->ki_pos // done = 2M ext4_handle_inode_extension ext4_update_inode_size // inode size = 2M fsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix? Fix the problem by truncating extents if the written length is smaller than expected.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=4.10<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/5efccdee4a7d507a483f20f880b809cc4eaef14d

Remedy

https://git.kernel.org/stable/c/8c30a9a8610c314554997f86370140746aa35661

Remedy

https://git.kernel.org/stable/c/a9f331f51515bdb3ebc8d0963131af367ef468f6

Remedy

https://git.kernel.org/stable/c/abfaa876b948baaea4d14f21a1963789845c8b4c

Remedy

https://git.kernel.org/stable/c/dda898d7ffe85931f9cca6d702a51f33717c501e

Remedy

https://git.kernel.org/stable/c/ec0dd451e236c46e4858d53e9e82bae7797a7af5

Remedy

https://git.kernel.org/stable/c/f8a7c342326f6ad1dfdb30a18dd013c70f5e9669

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50015?

    CVE-2024-50015 has been assigned a severity rating of medium.

  • How do I fix CVE-2024-50015?

    To fix CVE-2024-50015, ensure that your Linux kernel is updated to a version that is not affected, specifically versions 6.1.123-1, 6.1.119-1, 6.12.11-1, or 6.12.12-1.

  • Which versions of the Linux kernel are affected by CVE-2024-50015?

    CVE-2024-50015 affects Linux kernel versions from 4.10 up to 6.11.2 and includes several versions in between.

  • Is CVE-2024-50015 a zero-day vulnerability?

    CVE-2024-50015 is not classified as a zero-day vulnerability since a fix is already available.

  • What types of attacks could exploit CVE-2024-50015?

    CVE-2024-50015 could be exploited to cause denial of service conditions or data corruption during data writes.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203