U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-50202 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168 Patch 
https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989 Patch 
https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a Patch 
https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475 Patch 
https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81 Patch 
https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39 Patch 
https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3 Patch 
https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-755 Improper Handling of Exceptional Conditions cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-50202
NVD Published Date:
11/08/2024
NVD Last Modified:
11/19/2024
Source:
kernel.org