CVE-2024-40952 (GCVE-0-2024-40952)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-11 20:23
Title
ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
Summary
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()

bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the following NULL pointer dereference in ocfs2_journal_dirty() since b_assoc_map is still not initialized. This can be easily reproduced by running xfstests generic/186, which simulates no more credits.

[  134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000
...
[  134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
...
[  134.365071] Call Trace:
[  134.365312]  <TASK>
[  134.365524]  ? __die_body+0x1e/0x60
[  134.365868]  ? page_fault_oops+0x13d/0x4f0
[  134.366265]  ? __pfx_bit_wait_io+0x10/0x10
[  134.366659]  ? schedule+0x27/0xb0
[  134.366981]  ? exc_page_fault+0x6a/0x140
[  134.367356]  ? asm_exc_page_fault+0x26/0x30
[  134.367762]  ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
[  134.368305]  ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]
[  134.368837]  ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]
[  134.369454]  ocfs2_grow_tree+0x688/0x8a0 [ocfs2]
[  134.369927]  ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]
[  134.370521]  ocfs2_split_extent+0x314/0x4d0 [ocfs2]
[  134.371019]  ocfs2_change_extent_flag+0x174/0x410 [ocfs2]
[  134.371566]  ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]
[  134.372117]  ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]
[  134.372994]  ? inode_update_timestamps+0x4a/0x120
[  134.373692]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[  134.374545]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[  134.375393]  ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]
[  134.376197]  ocfs2_remap_file_range+0x1de/0x390 [ocfs2]
[  134.376971]  ? security_file_permission+0x29/0x50
[  134.377644]  vfs_clone_file_range+0xfe/0x320
[  134.378268]  ioctl_file_clone+0x45/0xa0
[  134.378853]  do_vfs_ioctl+0x457/0x990
[  134.379422]  __x64_sys_ioctl+0x6e/0xd0
[  134.379987]  do_syscall_64+0x5d/0x170
[  134.380550]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  134.381231] RIP: 0033:0x7fa4926397cb
[  134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
[  134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb
[  134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003
[  134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000
[  134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000
[  134.389207]  </TASK>

Fix it by only aborting transaction and journal in ocfs2_journal_dirty() now, and leave ocfs2_abort() later when detecting an aborted handle, e.g. start next transaction. Also log the handle details in this case.
Severity
No CVSS data available.
Assigner
Linux
Impacted products
Vendor  Product  Version
Linux   Linux    Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4, < 0550ad87711f815b3d73e487ec58ca7d8f56edbc (git)
                 Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4, < 72663d3e09091f431a0774227ca207c0358362dd (git)
                 Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4, < 58f7e1e2c9e72c7974054c64c3abeac81c11f822 (git)
Linux   Linux    Affected: 6.6
                 Unaffected: 0, < 6.6 (semver)
                 Unaffected: 6.6.36, ≤ 6.6.* (semver)
                 Unaffected: 6.9.7, ≤ 6.9.* (semver)
                 Unaffected: 6.10, ≤ * (original_commit_for_fix)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:55.352305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:24.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0550ad87711f815b3d73e487ec58ca7d8f56edbc",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            },
            {
              "lessThan": "72663d3e09091f431a0774227ca207c0358362dd",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            },
            {
              "lessThan": "58f7e1e2c9e72c7974054c64c3abeac81c11f822",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()\n\nbdev-\u003ebd_super has been removed and commit 8887b94d9322 change the usage\nfrom bdev-\u003ebd_super to b_assoc_map-\u003ehost-\u003ei_sb.  This introduces the\nfollowing NULL pointer dereference in ocfs2_journal_dirty() since\nb_assoc_map is still not initialized.  This can be easily reproduced by\nrunning xfstests generic/186, which simulate no more credits.\n\n[  134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000\n...\n[  134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n...\n[  134.365071] Call Trace:\n[  134.365312]  \u003cTASK\u003e\n[  134.365524]  ? __die_body+0x1e/0x60\n[  134.365868]  ? page_fault_oops+0x13d/0x4f0\n[  134.366265]  ? __pfx_bit_wait_io+0x10/0x10\n[  134.366659]  ? schedule+0x27/0xb0\n[  134.366981]  ? exc_page_fault+0x6a/0x140\n[  134.367356]  ? asm_exc_page_fault+0x26/0x30\n[  134.367762]  ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\n[  134.368305]  ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]\n[  134.368837]  ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]\n[  134.369454]  ocfs2_grow_tree+0x688/0x8a0 [ocfs2]\n[  134.369927]  ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]\n[  134.370521]  ocfs2_split_extent+0x314/0x4d0 [ocfs2]\n[  134.371019]  ocfs2_change_extent_flag+0x174/0x410 [ocfs2]\n[  134.371566]  ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]\n[  134.372117]  ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]\n[  134.372994]  ? inode_update_timestamps+0x4a/0x120\n[  134.373692]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[  134.374545]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\n[  134.375393]  ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]\n[  134.376197]  ocfs2_remap_file_range+0x1de/0x390 [ocfs2]\n[  134.376971]  ? security_file_permission+0x29/0x50\n[  134.377644]  vfs_clone_file_range+0xfe/0x320\n[  134.378268]  ioctl_file_clone+0x45/0xa0\n[  134.378853]  do_vfs_ioctl+0x457/0x990\n[  134.379422]  __x64_sys_ioctl+0x6e/0xd0\n[  134.379987]  do_syscall_64+0x5d/0x170\n[  134.380550]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  134.381231] RIP: 0033:0x7fa4926397cb\n[  134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48\n[  134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[  134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb\n[  134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003\n[  134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000\n[  134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[  134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000\n[  134.389207]  \u003c/TASK\u003e\n\nFix it by only aborting transaction and journal in ocfs2_journal_dirty()\nnow, and leave ocfs2_abort() later when detecting an aborted handle,\ne.g. start next transaction. Also log the handle details in this case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:23:00.265Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822"
        }
      ],
      "title": "ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40952",
    "datePublished": "2024-07-12T12:31:56.160Z",
    "dateReserved": "2024-07-12T12:17:45.592Z",
    "dateUpdated": "2026-05-11T20:23:00.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-40952",
      "date": "2026-05-26",
      "epss": "0.00035",
      "percentile": "0.10518"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.6\", \"versionEndExcluding\": \"6.6.36\", \"matchCriteriaId\": \"7811AF31-E4C8-4CC1-8D27-717621D639B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.9.7\", \"matchCriteriaId\": \"0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"331C2F14-12C7-45D5-893D-8C52EE38EA10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3173713D-909A-4DD3-9DD4-1E171EB057EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"}]}]}]",
      "id": "CVE-2024-40952",
      "lastModified": "2024-11-21T09:31:56.157",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-07-12T13:15:17.477",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:39:55.281Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40952\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:03:55.352305Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:22.475Z\"}}], \"cna\": {\"title\": \"ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"8887b94d93224e0ef7e1bc6369640e313b8b12f4\", \"lessThan\": \"0550ad87711f815b3d73e487ec58ca7d8f56edbc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8887b94d93224e0ef7e1bc6369640e313b8b12f4\", \"lessThan\": \"72663d3e09091f431a0774227ca207c0358362dd\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8887b94d93224e0ef7e1bc6369640e313b8b12f4\", \"lessThan\": \"58f7e1e2c9e72c7974054c64c3abeac81c11f822\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/ocfs2/journal.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": 
\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.6\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.6\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.6.36\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/ocfs2/journal.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0550ad87711f815b3d73e487ec58ca7d8f56edbc\"}, {\"url\": \"https://git.kernel.org/stable/c/72663d3e09091f431a0774227ca207c0358362dd\"}, {\"url\": \"https://git.kernel.org/stable/c/58f7e1e2c9e72c7974054c64c3abeac81c11f822\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()\\n\\nbdev-\u003ebd_super has been removed and commit 8887b94d9322 change the usage\\nfrom bdev-\u003ebd_super to b_assoc_map-\u003ehost-\u003ei_sb.  This introduces the\\nfollowing NULL pointer dereference in ocfs2_journal_dirty() since\\nb_assoc_map is still not initialized.  This can be easily reproduced by\\nrunning xfstests generic/186, which simulate no more credits.\\n\\n[  134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000\\n...\\n[  134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\\n...\\n[  134.365071] Call Trace:\\n[  134.365312]  \u003cTASK\u003e\\n[  134.365524]  ? __die_body+0x1e/0x60\\n[  134.365868]  ? page_fault_oops+0x13d/0x4f0\\n[  134.366265]  ? __pfx_bit_wait_io+0x10/0x10\\n[  134.366659]  ? 
schedule+0x27/0xb0\\n[  134.366981]  ? exc_page_fault+0x6a/0x140\\n[  134.367356]  ? asm_exc_page_fault+0x26/0x30\\n[  134.367762]  ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]\\n[  134.368305]  ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]\\n[  134.368837]  ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]\\n[  134.369454]  ocfs2_grow_tree+0x688/0x8a0 [ocfs2]\\n[  134.369927]  ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]\\n[  134.370521]  ocfs2_split_extent+0x314/0x4d0 [ocfs2]\\n[  134.371019]  ocfs2_change_extent_flag+0x174/0x410 [ocfs2]\\n[  134.371566]  ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]\\n[  134.372117]  ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]\\n[  134.372994]  ? inode_update_timestamps+0x4a/0x120\\n[  134.373692]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\\n[  134.374545]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]\\n[  134.375393]  ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]\\n[  134.376197]  ocfs2_remap_file_range+0x1de/0x390 [ocfs2]\\n[  134.376971]  ? 
security_file_permission+0x29/0x50\\n[  134.377644]  vfs_clone_file_range+0xfe/0x320\\n[  134.378268]  ioctl_file_clone+0x45/0xa0\\n[  134.378853]  do_vfs_ioctl+0x457/0x990\\n[  134.379422]  __x64_sys_ioctl+0x6e/0xd0\\n[  134.379987]  do_syscall_64+0x5d/0x170\\n[  134.380550]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n[  134.381231] RIP: 0033:0x7fa4926397cb\\n[  134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48\\n[  134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\n[  134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb\\n[  134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003\\n[  134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000\\n[  134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\n[  134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000\\n[  134.389207]  \u003c/TASK\u003e\\n\\nFix it by only aborting transaction and journal in ocfs2_journal_dirty()\\nnow, and leave ocfs2_abort() later when detecting an aborted handle,\\ne.g. start next transaction. 
Also log the handle details in this case.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.36\", \"versionStartIncluding\": \"6.6\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.7\", \"versionStartIncluding\": \"6.6\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"6.6\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:18:39.596Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40952\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:18:39.596Z\", \"dateReserved\": \"2024-07-12T12:17:45.592Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-12T12:31:56.160Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}






Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

