CVE-2024-58094: jfs: add check read-only before truncation in jfs_truncate_nolock()

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: add check read-only before truncation in jfs_truncate_nolock()

Added a check for "read-only" mode in the `jfs_truncate_nolock`
function to avoid errors related to writing to a read-only
filesystem.

Call stack:

block_write_begin() {
jfs_write_failed() {
jfs_truncate() {
jfs_truncate_nolock() {
txEnd() {
...
log = JFS_SBI(tblk->sb)->log;
// (log == NULL)

If the `isReadOnly(ip)` condition is triggered in
`jfs_truncate_nolock`, the function execution will stop, and no
further data modification will occur. Instead, the `xtTruncate`
function will be called with the "COMMIT_WMAP" flag, preventing
modifications in "read-only" mode.

Classification

CVE ID: CVE-2024-58094

Affected Products

Vendor: Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.52% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58094
https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb
https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b

Timeline

2025-04-16 15:40:21 UTC
CVE

jfs: add check read-only before truncation in jfs_truncate_nolock()