{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/nilfs2/btree.c" ], "versions": [ { "version": "17c76b0104e4", "lessThan": "24bf40740a3d", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "73d23ecf234b", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "f68523e0f26f", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "21839b6fbc3c", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "db73500d3f0e", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "3644554d308d", "status": "affected", "versionType": "git" }, { "version": "17c76b0104e4", "lessThan": "9403001ad65a", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/nilfs2/btree.c" ], "versions": [ { "version": "2.6.30", "status": "affected" }, { "version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.54", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/24bf40740a3da6b4056721da34997ae6938f3da1" }, { "url": "https://git.kernel.org/stable/c/73d23ecf234b7a6d47fb883f2dabe10e3230b31d" }, { "url": "https://git.kernel.org/stable/c/f68523e0f26faade18833fbef577a4295d8e2c94" }, { "url": "https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34" }, { "url": "https://git.kernel.org/stable/c/db73500d3f0e558eb642aae1d4782e7726b4a03f" }, { "url": "https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b" }, { "url": "https://git.kernel.org/stable/c/9403001ad65ae4f4c5de368bdda3a0636b51d51a" } ], "title": "nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()", "x_generator": { "engine": "bippy-c9c4e1df01b2" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-47699", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }