Vulnerabilities > CVE-2024-42079 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce
- https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce
- https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828
- https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828
- https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef
- https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef