DEBIAN-CVE-2024-49957
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | 6.1.112-1, 6.1.106-3, 6.1.106-3 |
| Debian:12 | linux | 6.1.106-3, 6.1.112-1, 6.1.27-1 |
| Debian:11 | linux | 5.10.209-1, 5.10.209-2, 5.10.216-1 |
| Debian:13 | linux | 0, 0 |
| Debian:14 | linux | 0, 0 |
Timeline
- Oct 21, 2024 CVE Published
- Apr 28, 2026 CVE Updated