CVE-2024-50230

一、漏洞信息
漏洞编号：CVE-2024-50230
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：7.8 High
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix kernel bug due to missing clearing of checked flagSyzbot reported that in directory operations after nilfs2 detectsfilesystem corruption and degrades to read-only,__block_write_begin_int(), which is called to prepare block writes, mayfail the BUG_ON check for accesses exceeding the folio/page size,triggering a kernel bug.This was found to be because the checked flag of a page/folio was notcleared when it was discarded by nilfs2 s own routine, which causes thesanity check of directory entries to be skipped when the directorypage/folio is reloaded. So, fix that.This was necessary when the use of nilfs2 s own page discard routine wasapplied to more than just metadata files.
漏洞公开时间：2024-11-09 19:15:08
漏洞创建时间：2024-11-09 19:37:05
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-50230

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50230	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-50230.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa	https://bugzilla.suse.com/show_bug.cgi?id=1233206
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-50230	https://bugzilla.suse.com/show_bug.cgi?id=1233206
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2024110929-CVE-2024-50230-0b5e@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2324864
debian		https://security-tracker.debian.org/tracker/CVE-2024-50230
mageia		http://advisories.mageia.org/MGASA-2024-0368.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa		nvd
		https://git.kernel.org/stable/c/56c6171932a7fb267ac6cb4ff8759b93ee1d0e2e		nvd
		https://git.kernel.org/stable/c/64afad73e4623308d8943645e5631f2c7a2d7971		nvd
		https://git.kernel.org/stable/c/994b2fa13a6c9cf3feca93090a9c337d48e3d60d		nvd
		https://git.kernel.org/stable/c/aa0cee46c5d3fd9a39575a4c8a4f65f25f095b89		nvd
		https://git.kernel.org/stable/c/cd0cdb51b15203fa27d4b714be83b7dfffa0b752		nvd
		https://git.kernel.org/stable/c/f05dbebb8ee34882505d53d83af7d18f28a49248		nvd
		https://git.kernel.org/stable/c/f2f1fa446676c21edb777e6d2bc4fa8f956fab68		nvd

二、漏洞分析结构反馈
影响性分析说明：
Reserved.
openEuler评分：
7.8
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.openEuler-24.03-LTS-SP1(6.6.0):受影响
6.master(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.6.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-20.03-LTS-SP4(4.19.90):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):正常修复
3.openEuler-22.03-LTS-SP4(5.10.0):正常修复
4.openEuler-24.03-LTS(6.6.0):正常修复
5.openEuler-24.03-LTS-SP1(6.6.0):正常修复
6.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 ,@gasonchen 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否), 原因说明)不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

原因说明：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

CVE-2024-50230

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug due to missing clearing of checked flag

Syzbot reported that in directory operations after nilfs2 detects
filesystem corruption and degrades to read-only,
__block_write_begin_int(), which is called to prepare block writes, may
fail the BUG_ON check for accesses exceeding the folio/page size,
triggering a kernel bug.

This was found to be because the "checked" flag of a page/folio was not
cleared when it was discarded by nilfs2's own routine, which causes the
sanity check of directory entries to be skipped when the directory
page/folio is reloaded. So, fix that.

This was necessary when the use of nilfs2's own page discard routine was
applied to more than just metadata files.

The Linux kernel CVE team has assigned CVE-2024-50230 to this issue.

openEuler评分:(评分和向量)
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4:受影响
2.openEuler-22.03-LTS-SP1:受影响
3.openEuler-22.03-LTS-SP3:受影响
4.openEuler-22.03-LTS-SP4:受影响
5.master(6.1.0):不受影响
6.openEuler-24.03-LTS:受影响
7.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4:否
2.openEuler-22.03-LTS-SP1:否
3.openEuler-22.03-LTS-SP3:否
4.master(6.1.0):否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-22.03-LTS-SP4:否