CVE-2024-50265

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 21, 2024
CWE ID 476

Summary

CVE-2024-50265 is a vulnerability affecting the Linux kernel's ocfs2 file system. A null-pointer dereference issue was identified in the `ocfs2_xa_remove()` function, which can be triggered by Syzkaller. This vulnerability can result in the leaking of clusters and the removal of an entry. The root cause is a double call to `ocfs2_xa_remove_entry()`, which should only be called once. Developers recommend fixing this issue by ensuring that `ocfs2_xa_cleanup_value_truncate()` only wipes the entry if it is going to do so anyway, preventing the second unnecessary call to `ocfs2_xa_remove_entry()`.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share