CVE-2024-50202

nilfs2: propagate directory read errors from nilfs_find_entry()

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81 patch
https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475 patch
https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39 patch
https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3 patch
https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989 patch
https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a patch
https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7 patch
https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168 patch

Frequently Asked Questions

What is the severity of CVE-2024-50202?
CVE-2024-50202 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50202?
To fix CVE-2024-50202, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50202 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50202 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50202?
CVE-2024-50202 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.