CVE-2024-26601

ext4: regenerate buddy after block freeing failed if under fc replay

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a patch
https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326 patch
https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4 patch
https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb patch
https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581 patch
https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Frequently Asked Questions

What is the severity of CVE-2024-26601?
CVE-2024-26601 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26601?
To fix CVE-2024-26601, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26601 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26601 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26601?
CVE-2024-26601 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.