CVE-2024-42079

medium

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).

References

https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef

https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828

https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce

Details

Source: Mitre, NVD

Published: 2024-07-29

Updated: 2024-07-30

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium