CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Fix NULL pointer dereference in gfs2_log_flush

In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
lock to provide exclusion against gfs2_log_flush().

In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
dereferencing it. Otherwise, we could run into a NULL pointer
dereference when outstanding glock work races with an unmount
(glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
gfs2_log_flush).

Classification

CVE ID: CVE-2024-42079

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce
https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef
https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828

Timeline

2024-12-20 00:41:04 UTC
CVE

gfs2: Fix NULL pointer dereference in gfs2_log_flush