CVE-2024-26590
Published: Feb 22, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix inconsistent per-file compression format

EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.

However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA algorithmtype even if it's not set in `sbi->available_compr_algs`. This can lead to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in.

Fix this by checking against `sbi->available_compr_algs` for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 8f89926290c4b3d31748d5089b27952243be0693 - < 47467e04816cb297905c0f09bc2d11ef865942d9; affected 8f89926290c4b3d31748d5089b27952243be0693 - < 823ba1d2106019ddf195287ba53057aee33cf724; affected 8f89926290c4b3d31748d5089b27952243be0693 - < eed24b816e50c6cd18cbee0ff0d7218c8fced199; affected 8f89926290c4b3d31748d5089b27952243be0693 - < 118a8cf504d7dfa519562d000f423ee3ca75d2c4 |
| Linux | Linux | affected 5.16; unaffected 0 - < 5.16; unaffected 6.1.80 - <= 6.1.*; unaffected 6.6.14 - <= 6.6.*; unaffected 6.7.2 - <= 6.7.*; +1 more versions |
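
The check named in the description, shown as an added userspace model (not the kernel patch and not code from this page): a per-inode algorithm request is validated against the superblock bitmap before the decompressor table is indexed. Every identifier except `available_compr_algs` is hypothetical, the algorithm ids are constructed, and the mount-time refusal of a missing decompressor is an assumption of the model.

```c
/* Userspace model of the check; not kernel code. Every name except
 * available_compr_algs is hypothetical, and the ids are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ALG_LZ4, ALG_LZMA, ALG_MAX };

typedef int (*decompress_fn)(const char *src);

static int lz4_decompress(const char *src) { (void)src; return 0; }

/* A decompressor that is not built in leaves a NULL slot in the table. */
static const decompress_fn decompressors[ALG_MAX] = {
    [ALG_LZ4] = lz4_decompress,
};

struct sb_info { uint32_t available_compr_algs; }; /* bitmap from superblock */

/* Model assumption: mount refuses a bitmap naming a missing decompressor,
 * so every bit left in the bitmap maps to a non-NULL table slot. */
static int sb_init(struct sb_info *sbi, uint32_t ondisk_algs)
{
    if (ondisk_algs >> ALG_MAX)
        return -EOPNOTSUPP;
    for (unsigned a = 0; a < ALG_MAX; a++)
        if ((ondisk_algs & (1u << a)) && !decompressors[a])
            return -EOPNOTSUPP;
    sbi->available_compr_algs = ondisk_algs;
    return 0;
}

/* Per-inode request: check the bitmap before indexing the table. Without
 * this check, alg == ALG_LZMA would call through a NULL pointer. */
static int inode_decompress(const struct sb_info *sbi, unsigned alg, const char *src)
{
    if (alg >= ALG_MAX || !(sbi->available_compr_algs & (1u << alg)))
        return -EINVAL; /* error value chosen for this model */
    return decompressors[alg](src);
}

int main(void)
{
    struct sb_info sbi;
    if (sb_init(&sbi, 1u << ALG_LZ4))
        return 1;
    printf("lz4 inode: %d\n", inode_decompress(&sbi, ALG_LZ4, "data"));
    printf("lzma inode: %d\n", inode_decompress(&sbi, ALG_LZMA, "data"));
    return 0;
}
```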