
CVE-2024-58001: ocfs2: handle a symlink read error correctly

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: handle a symlink read error correctly

Patch series "Convert ocfs2 to use folios".

Mark did a conversion of ocfs2 to use folios and sent it to me as a
giant patch for review ;-)

So I've redone it as individual patches, and credited Mark for the patches
where his code is substantially the same. It's not a bad way to do it;
his patch had some bugs and my patches had some bugs. Hopefully all our
bugs were different from each other. And hopefully Mark likes all the
changes I made to his code!

This patch (of 23):

If we can't read the buffer, be sure to unlock the page before returning.

Classification

CVE ID: CVE-2024-58001

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 10.65% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58001
https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377
https://git.kernel.org/stable/c/b6833b38984d1e9f20dd80f9ec9050c10d687f30
https://git.kernel.org/stable/c/52a326f93ceb9348264fddf7bab6e345db69e08c
https://git.kernel.org/stable/c/5e3b3ec7c3cb5ba5629a766e4f0926db72cf0a1f
https://git.kernel.org/stable/c/2b4c2094da6d84e69b843dd3317902e977bf64bd

Timeline