5.5

CVE-2024-50202

nilfs2: propagate directory read errors from nilfs_find_entry()

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: propagate directory read errors from nilfs_find_entry()

Syzbot reported that a task hang occurs in vcs_open() during a fuzzing
test for nilfs2.

The root cause of this problem is that in nilfs_find_entry(), which
searches for directory entries, ignores errors when loading a directory
page/folio via nilfs_get_folio() fails.

If the filesystem images is corrupted, and the i_size of the directory
inode is large, and the directory page/folio is successfully read but
fails the sanity check, for example when it is zero-filled,
nilfs_check_folio() may continue to spit out error messages in bursts.

Fix this issue by propagating the error to the callers when loading a
page/folio fails in nilfs_find_entry().

The current interface of nilfs_find_entry() and its callers is outdated
and cannot propagate error codes such as -EIO and -ENOMEM returned via
nilfs_find_entry(), so fix it together.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.30 < 4.19.323
LinuxLinux Kernel Version >= 4.20 < 5.4.285
LinuxLinux Kernel Version >= 5.5 < 5.10.228
LinuxLinux Kernel Version >= 5.11 < 5.15.169
LinuxLinux Kernel Version >= 5.16 < 6.1.114
LinuxLinux Kernel Version >= 6.2 < 6.6.58
LinuxLinux Kernel Version >= 6.7 < 6.11.5
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.137
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
Patch
https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989
Patch
https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a
Patch
https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475
Patch
https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81
Patch
https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39
Patch
https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3
Patch
https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html