CVE-2024-49958

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel has been resolved, related to the ocfs2 filesystem. The issue occurred during the reflink workflow while reserving space for inline xattr, causing corruption. The problematic function is ocfs2 reflink xattr inline(), which reserves space for inline xattrs at the destination inode without checking if there is space at the root metadata block. This results in corruption when the inode already has extents beyond the index. The fix involves reserving space for inline metadata at the destination inode before the reflink tree gets recreated.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the ocfs2 reflink xattr inline() function until a patch is available. Restrict access to the ocfs2 filesystem to minimize the risk of exploitation. Avoid using the ocfs2 filesystem until the issue is resolved.