Sanity Check Added to Prevent Overflow in ocfs2_truncate_inline
CVE-2024-50218

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 November 2024

What is CVE-2024-50218?

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int".

So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1afc32b952335f665327a1a9001ba1b44bb76fd9 < 27d95867bee806cdc448d122bd99f1d8b0544035

Linux 1afc32b952335f665327a1a9001ba1b44bb76fd9 < 95fbed8ae8c32c0977e6be1721c190d8fea23f2f

Linux 1afc32b952335f665327a1a9001ba1b44bb76fd9 < 70767689ec6ee5f05fb0a2c17d7ec1927946e486

References

https://git.kernel.org/stable/c/27d95867bee806cdc448d122b...
https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be172...
https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.