{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46781", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.276Z", "datePublished": "2024-09-18T07:12:37.603Z", "dateUpdated": "2025-05-04T09:34:09.287Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:34:09.287Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/recovery.c"], "versions": [{"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "35a9a7a7d94662146396199b0cfd95f9517cdd14", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "da02f9eb333333b2e4f25d2a14967cff785ac82e", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "07e4dc2fe000ab008bcfe90be4324ef56b5b4355", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "8e2d1e9d93c4ec51354229361ac3373058529ec4", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "ca92c4bff2833cb30d493b935168d6cccd5c805d", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "9d8c3a585d564d776ee60d4aabec59b404be7403", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "1cf1f7e8cd47244fa947d357ef1f642d91e219a3", "status": "affected", "versionType": "git"}, {"version": "0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b", "lessThan": "5787fcaab9eb5930f5378d6a1dd03d916d146622", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/recovery.c"], "versions": [{"version": "2.6.30", "status": "affected"}, {"version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.322", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.284", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "4.19.322"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.4.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.10.226"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.15.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "6.1.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "6.6.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "6.10.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14"}, {"url": "https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e"}, {"url": "https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355"}, {"url": "https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4"}, {"url": "https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d"}, {"url": "https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403"}, {"url": "https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3"}, {"url": "https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622"}], "title": "nilfs2: fix missing cleanup on rollforward recovery error", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:37:59.673853Z", "id": "CVE-2024-46781", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:38:14.597Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46781", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:37:59.673853Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:38:03.784Z"}}], "cna": {"title": "nilfs2: fix missing cleanup on rollforward recovery error", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "35a9a7a7d946", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "da02f9eb3333", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "07e4dc2fe000", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "8e2d1e9d93c4", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "ca92c4bff283", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "9d8c3a585d56", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "1cf1f7e8cd47", "versionType": "git"}, {"status": "affected", "version": "0f3e1c7f23f8", "lessThan": "5787fcaab9eb", "versionType": "git"}], "programFiles": ["fs/nilfs2/recovery.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.30"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.30", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.322", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.284", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.226", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.167", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.110", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.51", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/nilfs2/recovery.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14"}, {"url": "https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e"}, {"url": "https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355"}, {"url": "https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4"}, {"url": "https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d"}, {"url": "https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403"}, {"url": "https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3"}, {"url": "https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:46:31.374Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46781", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:46:31.374Z", "dateReserved": "2024-09-11T15:12:18.276Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-18T07:12:37.603Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9128926-755C-411A-BEB6-1FE3B3ADA74E", "versionEndExcluding": "4.19.322", "versionStartIncluding": "2.6.30", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85", "versionEndExcluding": "5.4.284", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97", "versionEndExcluding": "5.10.226", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige el error de limpieza faltante en la recuperaci\u00f3n de avance En una prueba de inyecci\u00f3n de errores de una rutina para la recuperaci\u00f3n en tiempo de montaje, KASAN encontr\u00f3 un error de use after free. Result\u00f3 que si la recuperaci\u00f3n de datos se realizaba utilizando registros parciales creados por escrituras dsync, pero se produc\u00eda un error antes de iniciar el escritor de registros para crear un punto de control recuperado, los inodos cuyos datos se hab\u00edan recuperado se dejaban en la lista ns_dirty_files del objeto nilfs y no se liberaban. Solucione este problema limpiando los inodos que han le\u00eddo los datos de recuperaci\u00f3n si la rutina de recuperaci\u00f3n falla a mitad de camino antes de que se inicie el escritor de registros."}], "id": "CVE-2024-46781", "lastModified": "2024-09-23T16:37:07.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-18T08:15:05.527", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nilfs2: fix missing cleanup on rollforward recovery error", "id": "2313130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313130"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnilfs2: fix missing cleanup on rollforward recovery error\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts."], "name": "CVE-2024-46781", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46781\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46781\nhttps://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T"], "threat_severity": "Moderate"}