U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-49957 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 3.x Severity and Vector Strings:

NIST CVSS score
NIST: NVD
Base Score:  5.5 MEDIUM
Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962 Patch 
https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a Patch 
https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f
https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f Patch 
https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b Patch 
https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649 Patch 
https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120 Patch 
https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123
https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
2.6.32		Up to (excluding)
5.10.227
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
5.11		Up to (excluding)
5.15.168
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
5.16		Up to (excluding)
6.1.113
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
6.2		Up to (excluding)
6.6.55
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
6.7		Up to (excluding)
6.10.14
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
6.11		Up to (excluding)
6.11.3

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-49957
NVD Published Date:
10/21/2024
NVD Last Modified:
11/08/2024
Source:
kernel.org