CVE-2024-50116 Affecting kernel-uek-devel package, versions <0:5.15.0-303.171.5.2.el9uek


Severity

Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE9-KERNELUEKDEVEL-8531055
  • published19 Dec 2024
  • disclosed5 Nov 2024

Introduced: 5 Nov 2024

CVE-2024-50116  (opens in a new tab)

How to fix?

Upgrade Oracle:9 kernel-uek-devel to version 0:5.15.0-303.171.5.2.el9uek or higher.
This issue was patched in ELSA-2024-12887.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-devel package and not the kernel-uek-devel package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug.

This is because the buffer delay flag is not cleared when clearing the buffer state flags to discard a page/folio or a buffer head. So, fix this.

This became necessary when the use of nilfs2's own page clear routine was expanded. This state inconsistency does not occur if the buffer is written normally by log writing.

CVSS Scores

version 3.1