CVE-2024-50116 Affecting kernel-devel-azure package, versions <5.14.21-150500.33.75.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-KERNELDEVELAZURE-8534784
  • published19 Dec 2024
  • disclosed18 Dec 2024

Introduced: 18 Dec 2024

NewCVE-2024-50116  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 kernel-devel-azure to version 5.14.21-150500.33.75.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-devel-azure package and not the kernel-devel-azure package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug.

This is because the buffer delay flag is not cleared when clearing the buffer state flags to discard a page/folio or a buffer head. So, fix this.

This became necessary when the use of nilfs2's own page clear routine was expanded. This state inconsistency does not occur if the buffer is written normally by log writing.

CVSS Scores

version 3.1