CVE-2024-26590

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Enhanced Read-Only File System (EROFS) in the Linux kernel, which can select compression algorithms on a per-file basis. However, syzkaller can generate inconsistent crafted images that use an unsupported algorithm type for specific inodes, leading to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in. The fix involves checking against sbi->available compr algs for each m algorithmformat request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.