CVE-2024-50015
- Source
- https://cve.org/CVERecord?id=CVE-2024-50015
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50015.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50015
- Downstream
- Related
- Published
- 2024-10-21T18:54:06.465Z
- Modified
- 2026-03-20T12:39:31.299858Z
- Summary
- ext4: dax: fix overflowing extents beyond inode size when partially writing
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: dax: fix overflowing extents beyond inode size when partially writing
The daxiomaprw() does two things in each iteration: map written blocks and copy user data to blocks. If the process is killed by user(See signal handling in daxiomapiter()), the copied data will be returned and added on inode size, which means that the length of written extents may exceed the inode size, then fsck will fail. An example is given as:
dd if=/dev/urandom of=file bs=4M count=1 daxiomaprw iomapiter // round 1 ext4iomapbegin ext4iomapalloc // allocate 0~2M extents(written flag) daxiomapiter // copy 2M data iomapiter // round 2 iomapiteradvance iter->pos += iter->processed // iter->pos = 2M ext4iomapbegin ext4iomapalloc // allocate 2~4M extents(written flag) daxiomapiter fatalsignalpending done = iter->pos - iocb->kipos // done = 2M ext4handleinodeextension ext4updateinode_size // inode size = 2M
fsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?
Fix the problem by truncating extents if the written length is smaller than expected.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50015.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/5efccdee4a7d507a483f20f880b809cc4eaef14d
- https://git.kernel.org/stable/c/8c30a9a8610c314554997f86370140746aa35661
- https://git.kernel.org/stable/c/a9f331f51515bdb3ebc8d0963131af367ef468f6
- https://git.kernel.org/stable/c/abfaa876b948baaea4d14f21a1963789845c8b4c
- https://git.kernel.org/stable/c/dda898d7ffe85931f9cca6d702a51f33717c501e
- https://git.kernel.org/stable/c/ec0dd451e236c46e4858d53e9e82bae7797a7af5
- https://git.kernel.org/stable/c/f8a7c342326f6ad1dfdb30a18dd013c70f5e9669
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50015.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50015
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced776722e85d3b0936253ecc3d14db4fba37f191baFixedf8a7c342326f6ad1dfdb30a18dd013c70f5e9669Fixed8c30a9a8610c314554997f86370140746aa35661Fixedabfaa876b948baaea4d14f21a1963789845c8b4cFixed5efccdee4a7d507a483f20f880b809cc4eaef14dFixeda9f331f51515bdb3ebc8d0963131af367ef468f6Fixedec0dd451e236c46e4858d53e9e82bae7797a7af5Fixeddda898d7ffe85931f9cca6d702a51f33717c501e