CVE-2024-53131 (GCVE-0-2024-53131)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29
VLAI?
Title
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
Summary
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself.
Severity ?
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 085556bf8c70e2629e02e79268dac3016a08b8bf (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < b017697a517f8779ada4e8ce1c2c75dbf60a2636 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 19c71cdd77973f99a9adc3190130bc3aa7ae5423 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 59b49ca67cca7b007a5afd3de0283c8008157665 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 77e47f89d32c2d72eb33d0becbce7abe14d061f4 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471 (git)
Create a notification for this product.
    Linux Linux Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:36.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "085556bf8c70e2629e02e79268dac3016a08b8bf",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "b017697a517f8779ada4e8ce1c2c75dbf60a2636",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "19c71cdd77973f99a9adc3190130bc3aa7ae5423",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "59b49ca67cca7b007a5afd3de0283c8008157665",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "77e47f89d32c2d72eb33d0becbce7abe14d061f4",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n\nPatch series \"nilfs2: fix null-ptr-deref bugs on block tracepoints\".\n\nThis series fixes null pointer dereference bugs that occur when using\nnilfs2 and two block-related tracepoints.\n\n\nThis patch (of 2):\n\nIt has been reported that when using \"block:block_touch_buffer\"\ntracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a\nNULL pointer dereference, or a general protection fault when KASAN is\nenabled.\n\nThis happens because since the tracepoint was added in touch_buffer(), it\nreferences the dev_t member bh-\u003eb_bdev-\u003ebd_dev regardless of whether the\nbuffer head has a pointer to a block_device structure.  In the current\nimplementation, the block_device structure is set after the function\nreturns to the caller.\n\nHere, touch_buffer() is used to mark the folio/page that owns the buffer\nhead as accessed, but the common search helper for folio/page used by the\ncaller function was optimized to mark the folio/page as accessed when it\nwas reimplemented a long time ago, eliminating the need to call\ntouch_buffer() here in the first place.\n\nSo this solves the issue by eliminating the touch_buffer() call itself."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:49.029Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636"
        },
        {
          "url": "https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665"
        },
        {
          "url": "https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471"
        }
      ],
      "title": "nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53131",
    "datePublished": "2024-12-04T14:20:37.455Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T22:29:36.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…