In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted
6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 03/27/2024
RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713
…
[Analyze]
In dtInsertEntry(), when the pointer h has the same value as p, after
writing
name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause
the
previously true judgment “p->header.flag & BT-LEAF” to change to no after
writing
the name operation, this leads to entering an incorrect branch and
accessing the
uninitialized object ih when judging this condition for the second time.
[Fix]
After got the page, check freelist first, if freelist == 0 then exit
dtInsert()
and return -EINVAL.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)
git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6
git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702
git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c
launchpad.net/bugs/cve/CVE-2024-44939
nvd.nist.gov/vuln/detail/CVE-2024-44939
security-tracker.debian.org/tracker/CVE-2024-44939
www.cve.org/CVERecord?id=CVE-2024-44939