CVE-2024-49957
- Source
- https://cve.org/CVERecord?id=CVE-2024-49957
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49957.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49957
- Downstream
- Related
- Published
- 2024-10-21T18:02:11.046Z
- Modified
- 2026-03-11T07:51:40.363850Z
- Summary
- ocfs2: fix null-ptr-deref when journal load failed.
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed.
During the mounting process, if journalreset() fails because of too short journal, then lead to jbd2journalload() fails with NULL jsbbuffer. Subsequently, ocfs2journalshutdown() calls jbd2journalflush()->jbd2cleanupjournaltail()-> _jbd2updatelogtail()->jbd2journalupdatesblogtail() ->lockbuffer(journal->jsbbuffer), resulting in a null-pointer dereference error.
To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49957.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962
- https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a
- https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f
- https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f
- https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b
- https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649
- https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120
- https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123
- https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49957.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-49957
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf6f50e28f0cb8d7bcdfaacc83129f005dede11b1Fixedfd89d92c1140cee8f59de336cb37fa65e359c123Fixed703b2c7e0798d263154dc8593dc2345f75dc077fFixedbf605ae98dab5c15c5b631d4d7f88898cb41b649Fixedff55291fb36779819211b596da703389135f5b05Fixed82dfdd1e31e774578f76ce6dc90c834f96403a0fFixed86a89e75e9e4dfa768b97db466ad6bedf2e7ea5bFixedf60e94a83db799bde625ac8671a5b4a6354e7120Fixed387bf565cc03e2e8c720b8b4798efea4aacb6962Fixed5784d9fcfd43bd853654bb80c87ef293b9e8e80a