CVE-2024-50218

UNKNOWN

Published 2024-11-09T10:14:29.708Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-50218. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two
reasons for this: first, the parameter value passed is greater than
ocfs2_max_inline_data_with_xattr, second, the start and end parameters of
ocfs2_truncate_inline are "unsigned int".

So, we need to add a sanity check for byte_start and byte_len right before
ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater
than ocfs2_max_inline_data_with_xattr return -EINVAL.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9 1afc32b952335f665327a1a9001ba1b44bb76fd9

Linux