CVE-2024-50218

MEDIUM EPSS 18.9%
Published Nov 9, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Nov 9, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
18.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.24  –  <4.19.323
linuxlinux_kernel*≥4.20  –  <5.4.285
linuxlinux_kernel*≥5.5  –  <5.10.229
linuxlinux_kernel*≥5.11  –  <5.15.171
linuxlinux_kernel*≥5.16  –  <6.1.116
linuxlinux_kernel*≥6.2  –  <6.6.60
linuxlinux_kernel*≥6.7  –  <6.11.7
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2
    Patch