CVE-2024-47757

nilfs2: fix potential oob read in nilfs_btree_check_delete()

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129
https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8
https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58 patch
https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27 patch
https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0 patch
https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2 patch
https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd patch
https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf patch
https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8 patch

Frequently Asked Questions

What is the severity of CVE-2024-47757?
CVE-2024-47757 has been scored as a high severity vulnerability.
How to fix CVE-2024-47757?
To fix CVE-2024-47757, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-47757 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-47757 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47757?
CVE-2024-47757 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.