CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry()
First published: Fri Nov 08 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.30<4.19.323 | |
| Linux Kernel | >=4.20<5.4.285 | |
| Linux Kernel | >=5.5<5.10.228 | |
| Linux Kernel | >=5.11<5.15.169 | |
| Linux Kernel | >=5.16<6.1.114 | |
| Linux Kernel | >=6.2<6.6.58 | |
| Linux Kernel | >=6.7<6.11.5 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39
- https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3
- https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989
- https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a
- https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7
- https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
- https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475
- https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81
Frequently Asked Questions
What is the severity of CVE-2024-50202?
CVE-2024-50202 has been categorized as a medium severity vulnerability.
How do I fix CVE-2024-50202?
To mitigate CVE-2024-50202, it is recommended to update the Linux kernel to the latest stable release or the patched version that resolves this issue.
Which versions of the Linux kernel are affected by CVE-2024-50202?
CVE-2024-50202 affects multiple versions of the Linux kernel between 2.6.30 and 6.12-rc3.
What is the nature of the vulnerability in CVE-2024-50202?
The vulnerability CVE-2024-50202 involves a task hang in vcs_open() due to propagated directory read errors from nilfs_find_entry().
Can CVE-2024-50202 lead to data loss?
While CVE-2024-50202 primarily causes a task hang, it may indirectly affect data operations, leading to potential data loss during the hang.
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.30
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3