CVE-2024-50015

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel related to ext4 file systems has been fixed. The issue arises in the dax iomap rw() function, which maps written blocks and copies user data to blocks. If the process is killed by the user, the copied data will be returned and added to the inode size, potentially exceeding the inode size and causing fsck to fail. The problem is fixed by truncating extents if the written length is smaller than expected.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the dax iomap rw() function until a patch is available. Restrict access to the ext4 file system to minimize the risk of exploitation. Avoid using the iter->pos and iocb->ki pos variables in the affected code until the issue is resolved.