PT-2025-2982 · Linux+6 · Linux Kernel+6
Syzbot · Published 2024-12-09 · Updated 2026-01-05
CVE-2024-53690
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is in the nilfs2 file system in the Linux kernel, where a deleted inode can be reused, causing inode duplication and an underflow of i_nlink in rmdir operations. This happens when the inode bitmap is corrupted and an inode number that should belong to an existing ".nilfs" file is reassigned by nilfs_mkdir to another file, such as "file0". The problem is triggered when the same task uses the inode twice to unmount and remove the directories ".nilfs" and "file0", resulting in a warning in nilfs_rmdir. To avoid this issue, the i_nlink value is checked in nilfs_iget(), and if it is 0, the inode is reclaimed using iput.
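The following userspace C model is an added example, not kernel code or the upstream patch. It replays the double use of one inode on a constructed two-entry directory and shows what changes when lookup refuses an inode whose i_nlink is 0. The names model_iget and model_rmdir, inode number 12 and the -ESTALE return value are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct inode  { unsigned long ino; unsigned int i_nlink; };
struct dentry { const char *name; unsigned long ino; };

/* Constructed state: a corrupted bitmap let both names map to inode 12. */
static struct inode icache[] = { { 12, 2 } };
static const struct dentry dir[] = { { ".nilfs", 12 }, { "file0", 12 } };
static int underflows;   /* events the kernel would report as a WARNING */

/* Lookup in the toy inode cache; with check_nlink set, an inode whose
 * link count is already 0 is treated as deleted and not handed out. */
static struct inode *model_iget(unsigned long ino, int check_nlink)
{
    for (size_t i = 0; i < sizeof(icache) / sizeof(icache[0]); i++) {
        if (icache[i].ino != ino)
            continue;
        if (check_nlink && icache[i].i_nlink == 0)
            return NULL;             /* deleted inode: refuse reuse */
        return &icache[i];
    }
    return NULL;
}

static int model_rmdir(const char *name, int check_nlink)
{
    for (size_t i = 0; i < sizeof(dir) / sizeof(dir[0]); i++) {
        if (strcmp(dir[i].name, name) != 0)
            continue;
        struct inode *inode = model_iget(dir[i].ino, check_nlink);
        if (!inode)
            return -ESTALE;          /* error code is the model's choice */
        if (inode->i_nlink == 0)
            underflows++;            /* link count would drop below zero */
        else
            inode->i_nlink = 0;      /* directory removed, links cleared */
        return 0;
    }
    return -ENOENT;
}

/* Removes both names in turn and returns the number of underflows seen. */
int run_scenario(int check_nlink)
{
    icache[0].i_nlink = 2;
    underflows = 0;
    model_rmdir(".nilfs", check_nlink);
    int second = model_rmdir("file0", check_nlink);
    printf("check=%d second_rmdir=%d underflows=%d\n", check_nlink, second, underflows);
    return underflows;
}

int main(void) { run_scenario(0); run_scenario(1); return 0; }
```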
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider adding a check for i_nlink in nilfs_iget() to prevent the reuse of deleted inodes.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu