CVE-2024-50265
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50265 is a vulnerability affecting the Linux kernel's ocfs2 file system. A null-pointer dereference issue was identified in the `ocfs2_xa_remove()` function, which can be triggered by Syzkaller. This vulnerability can result in the leaking of clusters and the removal of an entry. The root cause is a double call to `ocfs2_xa_remove_entry()`, which should only be called once. Developers recommend fixing this issue by ensuring that `ocfs2_xa_cleanup_value_truncate()` only wipes the entry if it is going to do so anyway, preventing the second unnecessary call to `ocfs2_xa_remove_entry()`.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX