一、 漏洞 CVE-2024-49881 基础信息
漏洞标题
Linux内核ext4_find_extent()函数缓冲区溢出漏洞
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
来源:AIGC 神龙大模型
漏洞类别
空指针解引用
来源:AIGC 神龙大模型
漏洞标题
ext4: update orig_path in ext4_find_extent()
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, *orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or *ppath.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ext4文件系统中ext4_find_extent函数在路径查找成功时未能更新orig_path指针,可能导致空指针取消引用或路径内存泄漏。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-49881 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-49881 的情报信息

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    ext4: update orig_path in ext4_find_extent() - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2024-49881