{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26871","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.184Z","datePublished":"2024-04-17T10:27:31.396Z","dateUpdated":"2025-05-04T08:58:31.195Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:58:31.195Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix NULL pointer dereference in f2fs_submit_page_write()\n\nBUG: kernel NULL pointer dereference, address: 0000000000000014\nRIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]\nCall Trace:\n<TASK>\n? show_regs+0x6e/0x80\n? __die+0x29/0x70\n? page_fault_oops+0x154/0x4a0\n? prb_read_valid+0x20/0x30\n? __irq_work_queue_local+0x39/0xd0\n? irq_work_queue+0x36/0x70\n? do_user_addr_fault+0x314/0x6c0\n? exc_page_fault+0x7d/0x190\n? asm_exc_page_fault+0x2b/0x30\n? f2fs_submit_page_write+0x6cf/0x780 [f2fs]\n? f2fs_submit_page_write+0x736/0x780 [f2fs]\ndo_write_page+0x50/0x170 [f2fs]\nf2fs_outplace_write_data+0x61/0xb0 [f2fs]\nf2fs_do_write_data_page+0x3f8/0x660 [f2fs]\nf2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]\nf2fs_write_cache_pages+0x3da/0xbe0 [f2fs]\n...\nIt is possible that other threads have added this fio to io->bio\nand submitted the io->bio before entering f2fs_submit_page_write().\nAt this point io->bio = NULL.\nIf is_end_zone_blkaddr(sbi, fio->new_blkaddr) of this fio is true,\nthen an NULL pointer dereference error occurs at bio_get(io->bio).\nThe original code for determining zone end was after \"out:\",\nwhich would have missed some fio who is zone end. I've moved\n this code before \"skip:\" to make sure it's done for each fio."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/data.c"],"versions":[{"version":"e067dc3c6b9c419bac43c6a0be2d85f44681f863","lessThan":"8e2ea8b04cb8d976110c4568509e67d6a39b2889","status":"affected","versionType":"git"},{"version":"e067dc3c6b9c419bac43c6a0be2d85f44681f863","lessThan":"4c122a32582b67bdd44ca8d25f894ee2dc54f566","status":"affected","versionType":"git"},{"version":"e067dc3c6b9c419bac43c6a0be2d85f44681f863","lessThan":"6d102382a11d5e6035f6c98f6e508a38541f7af3","status":"affected","versionType":"git"},{"version":"e067dc3c6b9c419bac43c6a0be2d85f44681f863","lessThan":"c2034ef6192a65a986a45c2aa2ed05824fdc0e9f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/data.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.6.23","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.11","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.2","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.7.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.8.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889"},{"url":"https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566"},{"url":"https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3"},{"url":"https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f"}],"title":"f2fs: fix NULL pointer dereference in f2fs_submit_page_write()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26871","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-10T14:26:39.793680Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:22:49.873Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:04.190Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f","tags":["x_transferred"]}]}]}}