CVE-2024-50202
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50202
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50202.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50202
- Downstream
- Related
- Published
- 2024-11-08T05:56:16.544Z
- Modified
- 2025-11-28T02:34:39.127635Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nilfs2: propagate directory read errors from nilfs_find_entry()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory read errors from nilfsfindentry()
Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2.
The root cause of this problem is that in nilfsfindentry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfsgetfolio() fails.
If the filesystem images is corrupted, and the isize of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfscheck_folio() may continue to spit out error messages in bursts.
Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfsfindentry().
The current interface of nilfsfindentry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfsfindentry(), so fix it together.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50202.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
- https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989
- https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a
- https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475
- https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81
- https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39
- https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3
- https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50202.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-50202
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2ba466d74ed74f073257f86e61519cb8f8f46184Fixedbb857ae1efd3138c653239ed1e7aef14e1242c81Fixedb4b3dc9e7e604be98a222e9f941f5e93798ca475Fixedc1d0476885d708a932980b0f28cd90d9bd71db39Fixededf8146057264191d5bfe5b91773f13d936dadd3Fixed270a6f9df35fa2aea01ec23770dc9b3fc9a12989Fixed9698088ac7704e260f492d9c254e29ed7dd8729aFixedefa810b15a25531cbc2f527330947b9fe16916e7Fixed08cfa12adf888db98879dbd735bc741360a34168
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.30Fixed4.19.323
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.285
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.228
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.169
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.114
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.58
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.5