{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T23:48:58.871","vulnerabilities":[{"cve":{"id":"CVE-2024-53130","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-12-04T15:15:12.927","lastModified":"2025-11-03T23:17:22.540","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions.  However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh->b_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer's uptodate flag."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrección de null-ptr-deref en el punto de seguimiento block_dirty_buffer Al utilizar el punto de seguimiento \"block:block_dirty_buffer\", mark_buffer_dirty() puede provocar una desreferencia de puntero NULL o un fallo de protección general cuando KASAN está habilitado. Esto sucede porque, dado que el punto de seguimiento se agregó en mark_buffer_dirty(), hace referencia al miembro dev_t bh->b_bdev->bd_dev independientemente de si el cabezal del búfer tiene un puntero a una estructura block_device. En la implementación actual, nilfs_grab_buffer(), que toma un búfer para leer (o crear) un bloque de metadatos, incluidos los bloques de nodos de árbol b, no establece el dispositivo de bloque, sino que lo hace solo si el búfer no está en el estado \"uptodate\" para cada una de sus funciones de lectura de bloque de llamada. Sin embargo, si el indicador uptodate está configurado en un folio/página, y los cabezales de búfer se separan de él mediante try_to_free_buffers(), y luego se adjuntan nuevos cabezales de búfer mediante create_empty_buffers(), el indicador uptodate puede restaurarse en cada búfer sin que el dispositivo de bloque se configure en bh->b_bdev, y mark_buffer_dirty() puede llamarse más tarde en ese estado, lo que da como resultado el error mencionado anteriormente. Solucione este problema haciendo que nilfs_grab_buffer() siempre configure el dispositivo de bloque de la estructura de superbloque en el cabezal de búfer, independientemente del estado del indicador uptodate del búfer."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.1.119","matchCriteriaId":"B9F07E74-2989-4705-AED1-FEACA2FEF716"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.0","versionEndExcluding":"6.6.63","matchCriteriaId":"DC8AE946-6593-4D8D-863A-0BC137CF667F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.0","versionEndExcluding":"6.11.10","matchCriteriaId":"5D7D3F96-FD78-48BB-9935-3CD41775FEAA"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}