Linux · Linux Kernel · CVE-2024-50087
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue arises in the Linux kernel's btrfs component, specifically within the `read alloc one name()` function. This function does not properly initialize the `name` field of the `fscrypt str` struct when `kmalloc` fails to allocate the necessary buffer. As a result, it is not guaranteed that `fscrypt str.name` is initialized when it is freed, leading to potential issues. The problem is a follow-up to a patch that addressed the remaining instances of a bug introduced by a specific commit that changed the use of `struct qstr` instead of name and namelen pairs.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.