PT-2024-33919 · Linux+6 · Linux Kernel+6

Roi Martin

·

Published

2024-10-28

·

Updated

2025-10-03

·

CVE-2024-50087

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue arises in the Linux kernel's btrfs component, specifically within the read alloc one name() function. This function does not properly initialize the name field of the fscrypt str struct when kmalloc fails to allocate the necessary buffer. As a result, it is not guaranteed that fscrypt str.name is initialized when it is freed, leading to potential issues. The problem is a follow-up to a patch that addressed the remaining instances of a bug introduced by a specific commit that changed the use of struct qstr instead of name and namelen pairs.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-824

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-15251
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-51915
BDU:2025-03357
CVE-2024-50087
DLA-4008-1
OESA-2024-2367
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7451-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu