CVE-2024-47699

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description A potential null pointer dereference issue has been resolved in the Linux kernel. The issue occurs in the nilfs2 filesystem when a b-tree is broken on the device and the b-tree height is greater than 2, even if the number of child nodes of the b-tree root is 0. This can lead to a NULL pointer dereference in nilfs btree prepare insert(), which is called from nilfs btree insert(). The issue is caused by nilfs btree do lookup() not setting the block buffer head in any of path[x].bp bh when the number of child nodes of the b-tree root is 0. The problem is fixed by adding a check to nilfs btree root broken() to detect this inconsistency.

Recommendations To resolve the issue, update to Linux kernel version 6.6.58 or later. As a temporary workaround, consider disabling the nilfs btree insert() function until a patch is available. Restrict access to the nilfs2 filesystem to minimize the risk of exploitation.