CVE-2024-42304
Published: Aug 17, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported. After that, we get a directory block without '.' and '..' but with a valid dentry. This may cause some code that relies on dot or dotdot (such as make_indexed_dir()) to crash. Therefore when ext4_read_dirblock() finds that the first directory block is a hole report that the filesystem is corrupted and return an error to avoid loading corrupted data from disk causing something bad.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 3a17ca864baffc0c6f6e8aad525aa4365775a193 - < d81d7e347d1f1f48a5634607d39eb90c161c8afeaffected 4e19d6b65fb4fc42e352ce9883649e049da14743 - < e02f9941e8c011aa3eafa799def6a134ce06bcfaaffected 4e19d6b65fb4fc42e352ce9883649e049da14743 - < de2a011a13a46468a6e8259db58b1b62071fe136affected 4e19d6b65fb4fc42e352ce9883649e049da14743 - < 9771e3d8365ae1dd5e8846a204cb9af14e3e656aaffected 4e19d6b65fb4fc42e352ce9883649e049da14743 - < b609753cbbd38f8c0affd4956c0af178348523ac+12 more versions |
Linux | Linux | affected 5.3unaffected 0 - < 5.3unaffected 4.19.320 - <= 4.19.*unaffected 5.4.282 - <= 5.4.*unaffected 5.10.224 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now