CVE-2024-53131

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53131
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53131.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53131
Downstream
Related
Published
2024-12-04T15:15:13Z
Modified
2025-08-09T20:01:27Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix null-ptr-deref in blocktouchbuffer tracepoint

Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints".

This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints.

This patch (of 2):

It has been reported that when using "block:blocktouchbuffer" tracepoint, touchbuffer() called from _nilfsgetfolio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled.

This happens because since the tracepoint was added in touchbuffer(), it references the devt member bh->bbdev->bddev regardless of whether the buffer head has a pointer to a blockdevice structure. In the current implementation, the blockdevice structure is set after the function returns to the caller.

Here, touchbuffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touchbuffer() here in the first place.

So this solves the issue by eliminating the touch_buffer() call itself.

References

Affected packages