CVE - CVE-2024-42304

CVE-ID
CVE-2024-42304	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX \|\| type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported. After that, we get a directory block without '.' and '..' but with a valid dentry. This may cause some code that relies on dot or dotdot (such as make_indexed_dir()) to crash. Therefore when ext4_read_dirblock() finds that the first directory block is a hole report that the filesystem is corrupted and return an error to avoid loading corrupted data from disk causing something bad.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1 URL:https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1 MISC:https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a URL:https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a MISC:https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac URL:https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac MISC:https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5 URL:https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5 MISC:https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe URL:https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe MISC:https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136 URL:https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136 MISC:https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa URL:https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa MISC:https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 URL:https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6
Assigning CNA
kernel.org
Date Record Created
20240730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)