CVE-2024-26878

2024-04-1700:00:00

ubuntu.com

linux kernel

vulnerability

fix

null pointer

dereference

AI Score

7.7

Confidence

High

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved: quota:
Fix potential NULL pointer dereference Below race may cause NULL pointer
dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref
remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode)
srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2)
spin_lock(&dquots[cnt]->dq_dqb_lock) (3) … If dquot_free_inode(or other
routines) checks inode’s quota pointers (1) before quota_off sets it to
NULL(2) and use it (3) after that, NULL pointer dereference will be
triggered. So let’s fix it by using a temporary pointer to avoid this
issue.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-189.209UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-112.122UNKNOWN
ubuntu24.04noarchlinux< 6.8.0-35.35UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1128.138UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1063.69UNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1009.9UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1063.69~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1133.140UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-189.209	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-112.122	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-35.35	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1128.138	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1063.69	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< 6.8.0-1009.9	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1063.69~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1133.140	UNKNOWN