CVE-2024-49877

Severity: Medium
CVSS 3.1: 5.5
EPSS: 16.1%
Published Oct 21, 2024 (1y ago)
Last Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

When doing cleanup, if flags is without OCFS2_BH_READAHEAD, it may trigger a NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 16.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 10

Vendor  Product       Version   Range
linux   linux_kernel  *         ≥4.20 – <5.10.227
linux   linux_kernel  *         ≥5.11 – <5.15.168
linux   linux_kernel  *         ≥5.16 – <6.1.113
linux   linux_kernel  *         ≥6.2 – <6.6.55
linux   linux_kernel  *         ≥6.7 – <6.10.14
linux   linux_kernel  *         ≥6.11 – <6.11.3
linux   linux_kernel  4.4.204   any
linux   linux_kernel  4.9.204   any
linux   linux_kernel  4.14.157  any
linux   linux_kernel  4.19.87   any

References 11

  • git.kernel.org https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/190d98bcd61117a78fe185222d162180f061a6ca
  • git.kernel.org https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e68c8323355e8cedfbe0bec7d5a39009f61640b6
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe
    Patch