PT-2024-35597 · Linux+7 · Linux Kernel+7
Published
2024-11-07
·
Updated
2025-11-19
·
CVE-2024-53131
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.65
Description
A null pointer dereference bug has been fixed in the Linux kernel's nilfs2 system, which occurs when using nilfs2 and two block-related tracepoints. The issue arises because the
block:block touch buffer tracepoint references the dev t member bh->b bdev->bd dev regardless of whether the buffer head has a pointer to a block device structure. The problem is solved by eliminating the touch buffer() call.Recommendations
For Linux kernel versions prior to 6.6.65, update to version 6.6.65 or later to resolve the issue. As a temporary workaround, consider disabling the
touch buffer() function until a patch is available. Restrict access to the vulnerable nilfs2 module to minimize the risk of exploitation. Avoid using the block:block touch buffer tracepoint until the issue is resolved.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu