CVE-2024-49957

ocfs2: fix null-ptr-deref when journal load failed.

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short
journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls
jbd2_journal_flush()->jbd2_cleanup_journal_tail()->
__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()
->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer
dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the
journal was properly loaded. Additionally, use journal instead of
osb->journal directly to simplify the code.

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-21 CVE Published
2024-12-19 CVE Updated
2025-03-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/f6f50e28f0cb8d7bcdfaacc83129f005dede11b1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123	2024-11-08
https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f	2024-11-08
https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649	2024-10-17
https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05	2024-10-17
https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f	2024-10-17
https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b	2024-10-10
https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120	2024-10-10
https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962	2024-10-10
https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a	2024-09-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 6.6.55 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 6.6.55"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 6.10.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 6.10.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 6.11.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 6.11.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.32 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.32 < 6.12"		en		Affected