CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error
First published: Tue Oct 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs").
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.1.57<6.1.114 | |
| Linux Kernel | >=6.2<6.6.58 | |
| Linux Kernel | >=6.7<6.11.5 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b37de9491f140a0ff125c27dd1050185c3accbc1
- https://git.kernel.org/stable/c/7fc7c47b9ba0cf2d192f2117a64b24881b0b577f
- https://git.kernel.org/stable/c/1ec28de5e476913ae51f909660b4447eddb28838
- https://git.kernel.org/stable/c/2ab5e243c2266c841e0f6904fad1514b18eaf510
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50087
- https://nvd.nist.gov/vuln/detail/CVE-2024-50087
- https://launchpad.net/bugs/cve/CVE-2024-50087
- https://security-tracker.debian.org/tracker/CVE-2024-50087
- https://ubuntu.com/security/CVE-2024-50087
- https://git.kernel.org/linus/2ab5e243c2266c841e0f6904fad1514b18eaf510
Frequently Asked Questions
What is the severity of CVE-2024-50087?
CVE-2024-50087 has a high severity rating due to its potential to cause uninitialized pointer dereference issues.
How do I fix CVE-2024-50087?
To fix CVE-2024-50087, update the Linux kernel to a patched version that addresses this vulnerability.
What versions of the Linux kernel are affected by CVE-2024-50087?
CVE-2024-50087 affects various versions of the Linux kernel between 6.1.57 to 6.1.114, as well as versions up to 6.6.58 and others in the 6.12 release candidates.
What are the potential impacts of CVE-2024-50087?
The impacts of CVE-2024-50087 may include system crashes or unintended behavior due to uninitialized memory access.
Is CVE-2024-50087 being actively exploited?
As of now, there is no public information indicating that CVE-2024-50087 is being actively exploited in the wild.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.1.57
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- package-manager/debian