← Back to CVE List

CVE-2024-50218

Published: 2024-11-09T11:15Z
Last Modified: 2024-11-12T13:56Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt