CVE-2024-53131

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 4, 2024
Updated: Dec 14, 2024
CWE ID 476

Summary

CVE-2024-53131 is a newly identified vulnerability in the Linux kernel that affects the nilfs2 filesystem. The issue involves a null pointer dereference in the 'block_touch_buffer' tracepoint, which occurs when using the 'block:block_touch_buffer' tracepoint with nilfs2. This vulnerability can result in a NULL pointer dereference or a general protection fault when KASAN is enabled. The root cause is that the tracepoint references the dev_t member bh->b_bdev->bd_dev, which may not have been properly initialized before the touch_buffer() call. The patch resolves this issue by eliminating the touch_buffer() call itself, as the common search helper for folio/page now marks the folio/page as accessed without the need for the touch_buffer() function.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share