Executive Summary

Information
Name: CVE-2024-53221
First vendor Publication: 2024-12-27
Vendor: Cve
Last vendor Modification: 2025-01-17

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact SubScore: 3.6
Temporal Score: 5.5
Exploitability SubScore: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

CVSS vector:
CVSS Base Score: N/A
Attack Range: N/A
CVSS Impact Score: N/A
Attack Complexity: N/A
CVSS Exploit Score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

There's an issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system:

KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs]
Call Trace:

f2fs_submit_page_bio+0x126/0x8b0 [f2fs]
__get_meta_page+0x1d4/0x920 [f2fs]
get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs]
validate_checkpoint+0xac/0x290 [f2fs]
f2fs_get_valid_checkpoint+0x207/0x950 [f2fs]
f2fs_fill_super+0x1007/0x39b0 [f2fs]
mount_bdev+0x183/0x250
legacy_get_tree+0xf4/0x1e0
vfs_get_tree+0x88/0x340
do_new_mount+0x283/0x5e0
path_mount+0x2b2/0x15b0
__x64_sys_mount+0x1fe/0x270
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e

The above issue happens because the bioset of the f2fs file system is not initialized before registering "f2fs_fs_type". To address the above issue, just register "f2fs_fs_type" last in init_f2fs_fs(). Ensure that all f2fs file system resources are initialized.
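
The ordering problem described above, as an added user-space model (not the kernel patch and not code from this advisory): a mount is probed after each init step, and only the "register last" order leaves no point where the type is visible while the pool is still NULL. All names are hypothetical stand-ins for the f2fs bioset and "f2fs_fs_type".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct bio_pool { int capacity; };

static struct bio_pool pool_storage;
static struct bio_pool *pool;   /* stands in for the f2fs bioset */
static bool fs_registered;      /* stands in for "f2fs_fs_type" being registered */

enum mount_result { MNT_OK, MNT_NO_SUCH_FS, MNT_NULL_POOL };

/* What a mount() arriving at this instant would observe. */
static enum mount_result try_mount(void)
{
    if (!fs_registered)
        return MNT_NO_SUCH_FS;  /* type not visible yet: mount fails cleanly */
    if (pool == NULL)
        return MNT_NULL_POOL;   /* the real code would dereference NULL here */
    return MNT_OK;
}

static void init_pool(void)   { pool_storage.capacity = 64; pool = &pool_storage; }
static void register_fs(void) { fs_registered = true; }

/* Run module init in the chosen order, probing with a mount after each step.
 * Returns true if any probe found the type registered but the pool missing. */
static bool race_window_exists(bool register_last)
{
    void (*steps[2])(void) = { register_fs, init_pool };
    bool window = false;

    if (register_last) { steps[0] = init_pool; steps[1] = register_fs; }
    pool = NULL;
    fs_registered = false;
    for (int i = 0; i < 2; i++) {
        steps[i]();
        if (try_mount() == MNT_NULL_POOL)
            window = true;
    }
    return window;
}

int main(void)
{
    printf("register first: window=%d\n", race_window_exists(false));
    printf("register last:  window=%d\n", race_window_exists(true));
    return 0;
}
```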

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53221

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

Type Description Count
Application 8
Os 3670

Sources (Detail)

https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08
https://git.kernel.org/stable/c/8dddc12d03248755d9f709bc1eb9e3ea2bf1b322
https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56
https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa

Alert History

Date Information
2025-02-22 03:26:53
  • Multiple Updates
2025-01-17 17:20:36
  • Multiple Updates
2025-01-08 00:20:58
  • Multiple Updates
2025-01-07 03:08:13
  • Multiple Updates
2025-01-06 21:21:01
  • Multiple Updates
2024-12-27 17:20:28
  • First insertion