CVE-2024-26772: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted block bitmap.
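The ordering change described above, modelled in user space as an added example (it is not the kernel's code or the upstream patch). The struct, the function names and the `other` callback standing in for a concurrent CPU are assumptions, and a plain flag replaces the real group lock so the interleaving is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model of a block group; not the kernel's structures. */
struct group {
    bool locked;          /* stands in for the per-group lock */
    bool bitmap_corrupt;  /* stands in for the "block bitmap corrupt" flag */
    unsigned free_blocks;
};

/* Concurrent path that flags corruption; it needs the lock, so it waits if held. */
static void mark_corrupt(struct group *g)
{
    if (!g->locked) g->bitmap_corrupt = true;
}

static int take_block(struct group *g)
{
    return g->free_blocks > 0 ? (g->free_blocks--, 1) : 0;
}

/* Before: the flag is tested outside the lock and can go stale before locking. */
static int alloc_check_then_lock(struct group *g, void (*other)(struct group *))
{
    if (g->bitmap_corrupt)
        return -1;
    if (other) other(g);            /* race window between check and lock */
    g->locked = true;
    int got = take_block(g);        /* may allocate from a corrupted group */
    g->locked = false;
    return got;
}

/* After: the flag is tested under the lock, so the result holds while allocating. */
static int alloc_lock_then_check(struct group *g, void (*other)(struct group *))
{
    if (other) other(g);            /* same interleaving point as above */
    g->locked = true;
    int got = g->bitmap_corrupt ? -1 : take_block(g);
    g->locked = false;
    return got;
}

int main(void)
{
    struct group a = { false, false, 8 }, b = a;
    printf("check-then-lock=%d lock-then-check=%d\n",
           alloc_check_then_lock(&a, mark_corrupt), alloc_lock_then_check(&b, mark_corrupt));
    return 0;
}
```

In the first variant a block is handed out although the group was marked corrupt in the window; in the second the same interleaving is refused with -1 and the free count is untouched.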
Other sources
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
The Linux kernel CVE team has assigned CVE-2024-26772 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040308-CVE-2024-26772-5168@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-26772?
CVE-2024-26772 has a moderate severity level due to potential issues in block allocation from corrupted groups in ext4.
How do I fix CVE-2024-26772?
To mitigate CVE-2024-26772, users should update their Linux kernel to the latest versions: 4.19.308, 5.4.270, 5.10.211, 5.15.150, 6.1.80, or later versions.
Which Linux kernel versions are affected by CVE-2024-26772?
CVE-2024-26772 affects several Linux kernel versions prior to 4.19.308, 5.4.270, 5.10.211, 5.15.150, 6.1.80 and includes versions like 6.6.19, 6.7.7, and 6.8.
Is CVE-2024-26772 a critical vulnerability?
CVE-2024-26772 is not considered critical, but it poses risks that should be addressed through updates.
Who is affected by CVE-2024-26772?
Users running vulnerable versions of the Linux kernel are at risk from CVE-2024-26772 and should apply updates promptly.