CVE - CVE-2024-49881

CVE-ID
CVE-2024-49881	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set orig_path to NULL. But after reallocating and successfully initializing the path, we don't update orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(ppath = NULL) path = ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or ppath.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96 URL:https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96 MISC:https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1 URL:https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1 MISC:https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599 URL:https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599 MISC:https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679 URL:https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679 MISC:https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd URL:https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd MISC:https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42 URL:https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42 MISC:https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff URL:https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff MISC:https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2 URL:https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2
Assigning CNA
kernel.org
Date Record Created
20241021	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241021)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)