medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-58058: ubifs: skip dumping tnc tree when zroot is null

First published: Thu Mar 06 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c->zroot.znode = NULL, then dumping tnc tree will access c->zroot.znode which cause null pointer dereference.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=2.6.27<5.4.291
Linux Kernel>=5.5<5.10.235
Linux Kernel>=5.11<5.15.179
Linux Kernel>=5.16<6.1.129
Linux Kernel>=6.2<6.6.76
Linux Kernel>=6.7<6.12.13
Linux Kernel>=6.13<6.13.2

Remedy

https://git.kernel.org/stable/c/1787cd67bb94b106555ffe64f887f6aa24b47010

Remedy

https://git.kernel.org/stable/c/2a987950df825d0144370e700dc5fb337684ffba

Remedy

https://git.kernel.org/stable/c/40e25a3c0063935763717877bb2a814c081509ff

Remedy

https://git.kernel.org/stable/c/428aff8f7cfb0d9a8854477648022cef96bcab28

Remedy

https://git.kernel.org/stable/c/6211c11fc20424bbc6d79c835c7c212b553ae898

Remedy

https://git.kernel.org/stable/c/77e5266e3d3faa6bdcf20d9c68a8972f6aa06522

Remedy

https://git.kernel.org/stable/c/bdb0ca39e0acccf6771db49c3f94ed787d05f2d7

Remedy

https://git.kernel.org/stable/c/e01b55f261ccc96e347eba4931e4429d080d879d

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-58058?

    CVE-2024-58058 has been assigned a CVSS score indicating it as a medium severity vulnerability.

  • How do I fix CVE-2024-58058?

    To mitigate CVE-2024-58058, it is recommended to update to the latest patched version of the Linux kernel.

  • What systems are affected by CVE-2024-58058?

    CVE-2024-58058 affects all supported versions of the Linux kernel that utilize the ubifs file system.

  • What could happen if CVE-2024-58058 is exploited?

    Exploitation of CVE-2024-58058 could lead to system crashes or potential denial of service due to null pointer dereferencing.

  • When was CVE-2024-58058 published?

    CVE-2024-58058 was published on October 10, 2024.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203