NVD

CVE-2024-50218 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f	kernel.org	Patch
https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035	kernel.org	Patch
https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc	kernel.org	Patch
https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486	kernel.org	Patch
https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473	kernel.org	Patch
https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f	kernel.org	Patch
https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0	kernel.org	Patch
https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2	kernel.org	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html	CVE
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html	CVE

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Initial Analysis by NIST 10/08/2025 11:03:50 AM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::* cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::* cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.229 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.285 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 2.6.24 up to (excluding) 4.19.323 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.171 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.116 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.60 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.11.7 cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::*
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2 Types: Patch

New CVE Received from kernel.org 11/09/2024 6:15:07 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.
Added	Reference	kernel.org https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-50218
NVD Published Date:
11/09/2024
NVD Last Modified:
11/03/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-50218 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/03/2025 6:17:03 PM

CVE Modified by CVE 11/03/2025 4:17:09 PM

Initial Analysis by NIST 10/08/2025 11:03:50 AM

New CVE Received from kernel.org 11/09/2024 6:15:07 AM

Quick Info