PT-2024-33798 · Linux+7 · Linux Kernel+7
Julian Sun +1 · Published 2024-09-02 · Updated 2025-05-28 · CVE-2024-49957
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A null-pointer dereference occurs in the Linux kernel when the journal load fails during the mounting process. When journal_reset() fails because the journal is too short, jbd2_journal_load() fails and leaves j_sb_buffer NULL. ocfs2_journal_shutdown() then calls a series of functions that ultimately dereference the null pointer in lock_buffer(journal->j_sb_buffer). To resolve this issue, it is recommended to check the JBD2_LOADED flag to ensure the journal was properly loaded, and to use journal instead of osb->journal directly to simplify the code.
Recommendations:
To resolve this issue, update to Linux kernel version 6.6.58 or later. As a temporary workaround, consider adding a check for the JBD2_LOADED flag before calling lock_buffer(journal->j_sb_buffer) to prevent the null-pointer dereference. Additionally, modify the code to use journal instead of osb->journal directly to simplify the code and prevent similar issues.
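The guard described above, shown as a simplified user-space model. This is an added example, not the kernel's or the patch's code: the model_* functions, the struct layouts, MIN_BLOCKS and the flag value are assumptions made for illustration.

```c
#include <stddef.h>

#define JBD2_LOADED 0x010   /* model flag: set only when the load succeeded */
#define MIN_BLOCKS  8       /* assumed minimum journal length for this model */

struct buffer_head { int locked; };

typedef struct journal {
    unsigned long j_flags;
    struct buffer_head *j_sb_buffer;  /* NULL until a load succeeds */
    unsigned int j_blocks;            /* model field: journal length */
} journal_t;

static struct buffer_head sb_storage; /* constructed superblock buffer */

/* Load path: a too-short journal fails, leaving j_sb_buffer NULL
 * and JBD2_LOADED clear. */
int model_journal_load(journal_t *j)
{
    if (j->j_blocks < MIN_BLOCKS) {
        j->j_sb_buffer = NULL;
        return -1;
    }
    j->j_sb_buffer = &sb_storage;
    j->j_flags |= JBD2_LOADED;
    return 0;
}

/* Stand-in for the flush that ends in lock_buffer(journal->j_sb_buffer). */
static void model_flush(journal_t *j)
{
    j->j_sb_buffer->locked = 1;  /* faults if j_sb_buffer is NULL */
    j->j_sb_buffer->locked = 0;
}

/* Shutdown with the guard: returns 1 if flushed, 0 if the flush was skipped. */
int model_journal_shutdown(journal_t *j)
{
    if (!(j->j_flags & JBD2_LOADED))
        return 0;                /* load failed: never touch j_sb_buffer */
    model_flush(j);
    return 1;
}

/* Mount attempt followed by shutdown, ignoring the load result the way
 * an error-path cleanup would. */
int mount_then_shutdown(unsigned int blocks)
{
    journal_t j = { 0, NULL, blocks };
    model_journal_load(&j);
    return model_journal_shutdown(&j);
}
```

Without the JBD2_LOADED test in model_journal_shutdown(), the short-journal case reaches model_flush() with a NULL j_sb_buffer.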
Weakness Enumeration:
NULL Pointer Dereference
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu