CVE-2024-42295

MEDIUM EPSS 14.2%
Published Aug 17, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 17, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer index of the newly created block) is a virtual block number and has been reallocated due to corruption of the bitmap used to manage its allocation state. So, modify nilfs_btnode_create_block() and its callers to treat it as a possible filesystem error, rather than triggering a kernel bug.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥2.6.30  –  <4.19.320
linuxlinux_kernel*≥4.20  –  <5.4.282
linuxlinux_kernel*≥5.5  –  <5.10.224
linuxlinux_kernel*≥5.11  –  <5.15.165
linuxlinux_kernel*≥5.16  –  <6.1.103
linuxlinux_kernel*≥6.2  –  <6.6.44
linuxlinux_kernel*≥6.7  –  <6.10.3

References 10

  • git.kernel.org https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8
    Patch