CVE-2024-53131

Severity: Medium · CVSS 3.1: 5.5 · EPSS: 14.4%
Published Dec 4, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints".

This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints.

This patch (of 2):

It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled.

This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller.

Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself.
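
The ordering problem the description explains, as an added user-space C model (not kernel code and not taken from the patch). The struct layouts, `simulate()`, `get_folio_block()` and the fault counter are assumptions made for illustration; the model counts the NULL dereference instead of performing it.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: names mirror the description; this is not kernel code. */
struct block_device { unsigned int bd_dev; };
struct buffer_head { struct block_device *b_bdev; bool accessed; };
static bool tracepoint_on; /* models block:block_touch_buffer being enabled */
static int faults;         /* dereferences that would have oopsed in the kernel */

/* The tracepoint reads bh->b_bdev->bd_dev unconditionally; the model counts
 * the NULL case instead of crashing so the outcome can be inspected. */
static void trace_block_touch_buffer(const struct buffer_head *bh)
{
    if (tracepoint_on && bh->b_bdev == NULL)
        faults++;
}

static void touch_buffer(struct buffer_head *bh)
{
    trace_block_touch_buffer(bh);
    bh->accessed = true;
}

/* Models __nilfs_get_folio_block() before (fixed == false) and after the fix. */
static void get_folio_block(struct buffer_head *bh, bool fixed)
{
    bh->accessed = true; /* the folio search helper already marks it accessed */
    if (!fixed)
        touch_buffer(bh); /* redundant, and b_bdev is still NULL here */
}

/* Models the caller, which assigns b_bdev only after the helper returns.
 * Returns the would-be fault count, or -1 if the buffer was never marked accessed. */
int simulate(bool fixed, bool trace_enabled)
{
    static struct block_device dev = { .bd_dev = 42 }; /* constructed value */
    struct buffer_head bh = { .b_bdev = NULL, .accessed = false };
    tracepoint_on = trace_enabled;
    faults = 0;
    get_folio_block(&bh, fixed);
    bh.b_bdev = &dev; /* too late for the unfixed path */
    return bh.accessed ? faults : -1;
}

int main(void)
{
    printf("unfixed+trace=%d unfixed=%d fixed+trace=%d\n",
           simulate(false, true), simulate(false, false), simulate(true, true));
}
```

The unfixed path faults only while the tracepoint is enabled, and the fixed path still leaves the buffer marked accessed, which is why removing the call is sufficient.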

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 3

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.9 – <6.1.119
linux   linux_kernel  *        ≥6.6.0 – <6.6.63
linux   linux_kernel  *        ≥6.11.0 – <6.11.10

References 10

  • git.kernel.org https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423
  • git.kernel.org https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9
  • git.kernel.org https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636
  • git.kernel.org https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471
    Patch