CVE-2024-53690

In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir. Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it. [1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/284760b320a0bac411b18108316939707dccb12b	Patch
https://git.kernel.org/stable/c/55e4baa0d32f0530ddc64c26620e1f2f8fa2724c	Patch
https://git.kernel.org/stable/c/5d4ed71327b0b5f3b179a19dc3c06be9509ab3db	Patch
https://git.kernel.org/stable/c/901ce9705fbb9f330ff1f19600e5daf9770b0175	Patch
https://git.kernel.org/stable/c/912188316a8c9e41b8c1603c2276a05043b14f96	Patch
https://git.kernel.org/stable/c/ef942d233643777f7b2a5deef620e82942983143	Patch
https://git.kernel.org/stable/c/ff561987ff12b6a3233431ff659b5d332e22f153	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::

History

15 Oct 2025, 20:47

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: evitar el uso de inodo eliminado syzbot informó una ADVERTENCIA en nilfs_rmdir. [1] Debido a que el mapa de bits del inodo está dañado, un inodo con un número de inodo que debería existir como un archivo ".nilfs" fue reasignado por nilfs_mkdir para "file0", lo que provocó una duplicación de inodo durante la ejecución. Y esto causa un desbordamiento de i_nlink en operaciones rmdir. El inodo es utilizado dos veces por la misma tarea para desmontar y eliminar los directorios ".nilfs" y "file0", lo que activa una advertencia en nilfs_rmdir. Evite este problema, verifique i_nlink en nilfs_iget(), si es 0, significa que este inodo ha sido eliminado y se ejecuta iput para recuperarlo. [1] ADVERTENCIA: CPU: 1 PID: 5824 en fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Seguimiento de llamadas: nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [en línea] __se_sys_rmdir fs/namei.c:4470 [en línea] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [en línea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/284760b320a0bac411b18108316939707dccb12b -~~	() https://git.kernel.org/stable/c/284760b320a0bac411b18108316939707dccb12b - Patch
References	~~() https://git.kernel.org/stable/c/55e4baa0d32f0530ddc64c26620e1f2f8fa2724c -~~	() https://git.kernel.org/stable/c/55e4baa0d32f0530ddc64c26620e1f2f8fa2724c - Patch
References	~~() https://git.kernel.org/stable/c/5d4ed71327b0b5f3b179a19dc3c06be9509ab3db -~~	() https://git.kernel.org/stable/c/5d4ed71327b0b5f3b179a19dc3c06be9509ab3db - Patch
References	~~() https://git.kernel.org/stable/c/901ce9705fbb9f330ff1f19600e5daf9770b0175 -~~	() https://git.kernel.org/stable/c/901ce9705fbb9f330ff1f19600e5daf9770b0175 - Patch
References	~~() https://git.kernel.org/stable/c/912188316a8c9e41b8c1603c2276a05043b14f96 -~~	() https://git.kernel.org/stable/c/912188316a8c9e41b8c1603c2276a05043b14f96 - Patch
References	~~() https://git.kernel.org/stable/c/ef942d233643777f7b2a5deef620e82942983143 -~~	() https://git.kernel.org/stable/c/ef942d233643777f7b2a5deef620e82942983143 - Patch
References	~~() https://git.kernel.org/stable/c/ff561987ff12b6a3233431ff659b5d332e22f153 -~~	() https://git.kernel.org/stable/c/ff561987ff12b6a3233431ff659b5d332e22f153 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::

11 Jan 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-11 13:15

Updated : 2025-10-15 20:47

NVD link : CVE-2024-53690

Mitre link : CVE-2024-53690

CVE.ORG link : CVE-2024-53690

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10