CVE-2024-50118

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 476

Summary

[CVE-2024-50118]: A vulnerability in the Linux kernel's btrfs file system allows for a NULL pointer dereference during a filesystem reconfiguration. This issue occurs when attempting to mount a subvolume with read-write (rw) permissions on a filesystem initially mounted as read-only (ro), while another subvolume on the same filesystem is already mounted as rw. The vulnerability arises due to the skipping of option and feature checks during the reconfiguration process, leading to the v2 cache clearing and conversion back to v1 cache, causing fs writes and subsequent writes to the super block, resulting in a NULL pointer dereference. To mitigate this issue, the recommended fix is to ensure btrfs_check_options() is always run during mount reconfiguration to ensure proper hard RO requirements are met.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share