PT-2024-6448
Ryusuke Konishi · Published 2024-05-21 · Updated 2025-11-19
CVE-2024-53130
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel's nilfs2 file system is a NULL pointer dereference. It occurs when the "block:block_dirty_buffer" tracepoint is in use, which can cause a NULL pointer dereference or, with KASAN enabled, a general protection fault. The tracepoint reads the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head actually holds a pointer to a block device structure. nilfs_grab_buffer() itself does not set the block device; each of its caller block-reading functions sets it, and only if the buffer is not yet in the "uptodate" state. However, if the uptodate flag is set on a folio/page, the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without a block device ever being set in bh->b_bdev. If mark_buffer_dirty() is later called in that state, the tracepoint dereferences the NULL bh->b_bdev, resulting in the bug described above.
Recommendations
To resolve this issue, make nilfs_grab_buffer() always set the block device of the super block structure in the buffer head, regardless of the state of the buffer's uptodate flag.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
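To make the state sequence from the description and the recommended fix concrete, here is an added user-space model (not kernel code, and not from the advisory's author): the struct and function names only mimic the kernel ones named above, the dev_t value is constructed, and the tracepoint stand-in returns -1 where the kernel would dereference NULL.

```c
/* Constructed model of the buffer-head states in CVE-2024-53130; not
 * kernel code. Names mimic the kernel's so the sequence can be replayed. */
#include <stddef.h>
#include <stdbool.h>

struct block_device { int bd_dev; };                 /* stands in for dev_t */
struct super_block  { struct block_device *s_bdev; };
struct buffer_head  { bool uptodate; struct block_device *b_bdev; };

/* Pre-fix behaviour: bdev attached only on the read path (buffer not uptodate). */
void grab_buffer_vulnerable(struct super_block *sb, struct buffer_head *bh)
{
    if (!bh->uptodate) {
        bh->b_bdev = sb->s_bdev;
        bh->uptodate = true;
    }
}

/* Fixed behaviour as recommended above: always attach the block device. */
void grab_buffer_fixed(struct super_block *sb, struct buffer_head *bh)
{
    bh->b_bdev = sb->s_bdev;
    bh->uptodate = true;
}

/* try_to_free_buffers() then create_empty_buffers(): the folio is still
 * uptodate, so the fresh buffer head inherits the flag but has no bdev. */
static struct buffer_head reattach_buffer(bool folio_uptodate)
{
    struct buffer_head fresh = { .uptodate = folio_uptodate, .b_bdev = NULL };
    return fresh;
}

/* block:block_dirty_buffer reads bh->b_bdev->bd_dev; -1 models the oops. */
static int trace_dirty_buffer(const struct buffer_head *bh)
{
    return bh->b_bdev ? bh->b_bdev->bd_dev : -1;
}

/* Replay the advisory's sequence with either grab variant and return what
 * the tracepoint sees when mark_buffer_dirty() is finally called. */
int replay(void (*grab)(struct super_block *, struct buffer_head *))
{
    struct block_device dev = { .bd_dev = 0x801 };  /* constructed value */
    struct super_block sb = { .s_bdev = &dev };
    struct buffer_head bh = { .uptodate = false, .b_bdev = NULL };
    grab(&sb, &bh);                     /* first read: bdev attached */
    bh = reattach_buffer(bh.uptodate);  /* buffers detached and recreated */
    grab(&sb, &bh);                     /* second grab on uptodate buffer */
    return trace_dirty_buffer(&bh);     /* -1 = NULL deref, else bd_dev */
}
```

With the pre-fix variant the replay ends at the NULL dereference; with the fixed variant the tracepoint sees the device number.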
Exploit
NULL Pointer Dereference
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu