5.5

CVE-2024-50087

btrfs: fix uninitialized pointer free on read_alloc_one_name() error

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix uninitialized pointer free on read_alloc_one_name() error

The function read_alloc_one_name() does not initialize the name field of
the passed fscrypt_str struct if kmalloc fails to allocate the
corresponding buffer.  Thus, it is not guaranteed that
fscrypt_str.name is initialized when freeing it.

This is a follow-up to the linked patch that fixes the remaining
instances of the bug introduced by commit e43eec81c516 ("btrfs: use
struct qstr instead of name and namelen pairs").
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.57 < 6.1.114
LinuxLinux Kernel Version >= 6.2 < 6.6.58
LinuxLinux Kernel Version >= 6.7 < 6.11.5
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.105
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://git.kernel.org/stable/c/1ec28de5e476913ae51f909660b4447eddb28838
Patch
https://git.kernel.org/stable/c/2ab5e243c2266c841e0f6904fad1514b18eaf510
Patch
https://git.kernel.org/stable/c/7fc7c47b9ba0cf2d192f2117a64b24881b0b577f
Patch
https://git.kernel.org/stable/c/b37de9491f140a0ff125c27dd1050185c3accbc1
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html