CVE-2024-50218

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50218
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50218.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50218
Downstream
Related
Published
2024-11-09T10:14:29.708Z
Modified
2026-05-15T11:53:49.431575231Z
Summary
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: pass u64 to ocfs2truncateinline maybe overflow

Syzbot reported a kernel BUG in ocfs2truncateinline. There are two reasons for this: first, the parameter value passed is greater than ocfs2maxinlinedatawithxattr, second, the start and end parameters of ocfs2truncate_inline are "unsigned int".

So, we need to add a sanity check for bytestart and bytelen right before ocfs2truncateinline() in ocfs2removeinoderange(), if they are greater than ocfs2maxinlinedatawithxattr return -EINVAL.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50218.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.24
Fixed
4.19.323
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.285
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.229
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.171
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.116
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.60
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.11.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50218.json"