CVE-2024-53130

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020", "name": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957", "name": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a", "name": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a", "name": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95", "name": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba", "name": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8", "name": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1", "name": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions. However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh->b_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer's uptodate flag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-476"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-53130", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2024-12-04T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.119", "versionStartIncluding": "3.9"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.11.0"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.63", "versionStartIncluding": "6.6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-14T21:15Z"}