CVE-2024-50218

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the ocfs2 file system, where passing a u64 value to ocfs2 truncate inline may cause an overflow. This is due to two reasons: the parameter value passed is greater than ocfs2 max inline data with xattr, and the start and end parameters of ocfs2 truncate inline are unsigned int. Syzbot reported a kernel BUG in ocfs2 truncate inline. A sanity check needs to be added for byte start and byte len before calling ocfs2 truncate inline() in ocfs2 remove inode range() to prevent this issue.

Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider adding a sanity check for byte start and byte len in ocfs2 remove inode range() to prevent the overflow. Restrict access to the ocfs2 file system until the update is applied to minimize the risk of exploitation.