{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49881","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.021Z","datePublished":"2024-10-21T18:01:19.478Z","dateUpdated":"2025-11-03T22:22:46.626Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:40:16.085Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don't update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n  path = *ppath = 2000\n  ext4_find_extent\n    if (depth > path[0].p_maxdepth)\n      kfree(path = 2000);\n      *orig_path = path = NULL;\n      path = kcalloc() = 3000\n  ext4_split_extent_at(*ppath = NULL)\n    path = *ppath;\n    ex = path[depth].p_ext;\n    // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n <TASK>\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/extents.c","fs/ext4/move_extent.c"],"versions":[{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"6766937d0327000ac1b87c97bbecdd28b0dd6599","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"a9fcb1717d75061d3653ed69365c8d45331815cd","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"6801ed1298204d16a38571091e31178bfdc3c679","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"b63481b3a388ee2df9e295f97273226140422a42","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"11b230100d6801c014fab2afabc8bdea304c1b96","status":"affected","versionType":"git"},{"version":"10809df84a4d868db61af621bae3658494165279","lessThan":"5b4b2dcace35f618fe361a87bae6f0d13af31bc1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/extents.c","fs/ext4/move_extent.c"],"versions":[{"version":"3.18","status":"affected"},{"version":"0","lessThan":"3.18","status":"unaffected","versionType":"semver"},{"version":"4.19.323","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"4.19.323"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff"},{"url":"https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599"},{"url":"https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd"},{"url":"https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679"},{"url":"https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2"},{"url":"https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42"},{"url":"https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96"},{"url":"https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1"}],"title":"ext4: update orig_path in ext4_find_extent()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49881","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:45:38.096654Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:48:50.544Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:22:46.626Z"}}]}}