CVE-2024-42105

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the nilfs2 component of the Linux kernel, which has a use-after-free vulnerability. This vulnerability can be exploited to cause a denial of service. The problem arises from the internal inode of nilfs2 being exposed in the namespace on a corrupted filesystem. Additionally, there are flaws that cause issues if the starting number of non-reserved inodes written in the on-disk super block is intentionally or corruptly changed from its default value. The nilfs->ns first ino value, which gives the first non-reserved inode number, is read from the superblock but its lower limit is not checked, leading to potential malfunctions of the inode number test macros NILFS MDT INODE and NILFS VALID INODE. These macros use left bit-shift calculations with the inode number as the shift count via the BIT macro, which can result in undefined behavior if the shift calculation exceeds the bit width of an integer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.