Inode Duplication Vulnerability in Linux Kernel's nilfs2 File System
CVE-2024-53690

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability in the nilfs2 file system of the Linux kernel allows for inode duplication due to a corrupted inode bitmap. This issue occurs when a task attempts to unmount and remove directories at the same time, resulting in an underflow of the i_nlink counter during rmdir operations. The system can mistakenly treat an already deleted inode as a valid inode, causing unpredictable behavior. It is crucial to implement checks to verify that the inode is intact and not deleted before executing removal operations, ensuring system integrity.

Affected Version(s)

Linux d25006523d0b9e49fd097b2e974e7c8c05bd7f54 < 55e4baa0d32f0530ddc64c26620e1f2f8fa2724c

Linux d25006523d0b9e49fd097b2e974e7c8c05bd7f54 < 5d4ed71327b0b5f3b179a19dc3c06be9509ab3db

Linux d25006523d0b9e49fd097b2e974e7c8c05bd7f54 < 912188316a8c9e41b8c1603c2276a05043b14f96

References

https://git.kernel.org/stable/c/55e4baa0d32f0530ddc64c266...

https://git.kernel.org/stable/c/5d4ed71327b0b5f3b179a19dc...

https://git.kernel.org/stable/c/912188316a8c9e41b8c1603c2...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025