CVE-2024-49957

ocfs2: fix null-ptr-deref when journal load failed.

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123
https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f
https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649 patch
https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05 patch
https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f patch
https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b patch
https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120 patch
https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962 patch
https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a patch

Frequently Asked Questions

What is the severity of CVE-2024-49957?
CVE-2024-49957 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49957?
To fix CVE-2024-49957, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49957 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49957 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49957?
CVE-2024-49957 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.