CVE-2024-44939

Updated: 2024-09-14 04:53:16.989734

Description:

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix null ptr deref in dtInsertEntry

[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713
...

[Analyze]
In dtInsertEntry(), when the pointer h has the same value as p, after writing the name in UniStrncpy_to_le(), p->header.flag will be cleared. This causes the previously true judgment "p->header.flag & BT-LEAF" to become false after the name-writing operation; this leads to entering an incorrect branch and accessing the uninitialized object ih when this condition is judged for the second time.

[Fix]
After getting the page, check freelist first; if freelist == 0 then exit dtInsert() and return -EINVAL.



Severity

CVSS version   | Severity | Score
CVSS Version 2.x | (none)   | 0
CVSS Version 3.x | MEDIUM   | 5.5

Status

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:20 |
CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
CloudLinux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |
Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2024-09-16 12:23:19 |

Total: 14