Heming Zhao

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A null pointer dereference issue has been identified in the Linux kernel, specifically in the ocfs2 set buffer uptodate() function. This issue occurs when performing cleanup without the OCFS2 BH READAHEAD flag, potentially leading to a NULL pointer dereference if `bh` is NULL. Recommendations: For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the `ocfs2 set buffer uptodate()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the code in `ocfs2 dio end io write()` estimating the number of necessary transaction credits using `ocfs2 calc extend credits()`, which does not account for arbitrarily large IO or an arbitrary number of extents. This can lead to the exhaustion of transaction credits when dealing with many single block extents, triggering a `WARN ON` in `jbd2 journal dirty metadata()` and causing OCFS2 to abort. The problem was encountered on a heavily fragmented OCFS2 filesystem. To resolve the issue, ensure the transaction always has enough credits for one extent insert before each call of `ocfs2 mark extent written()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to incorrect usage of `sb index` in the `md/md-bitmap` component of the Linux kernel. This can cause a crash in a clustered environment due to wrong code logic for clustered-md, where the slot offset for cluster nodes is never set. The problem arises from the removal of `page->index` from bitmap code, which was done by commit `d7038f951828`. The call trace includes functions such as `md bitmap file set bit`, `md bitmap startwrite`, `raid1 make request`, and others, indicating the path of execution leading to the potential crash. The vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.