Description
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix null-ptr-deref when journal load failed.

During the mounting process, if journal_reset() fails because of too short
journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer.
Subsequently, ocfs2_journal_shutdown() calls
jbd2_journal_flush()->jbd2_cleanup_journal_tail()->
__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()
->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer
dereference error.

To resolve this issue, we should check the JBD2_LOADED flag to ensure the
journal was properly loaded. Additionally, use journal instead of
osb->journal directly to simplify the code.
Published: 2024-10-21
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4008-1 linux-6.1 security update
Debian DLA Debian DLA DLA-4075-1 linux security update
Ubuntu USN Ubuntu USN USN-7166-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-2 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-3 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-4 Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN Ubuntu USN USN-7186-1 Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN Ubuntu USN USN-7186-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7194-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7276-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7277-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7293-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-4 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7295-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7301-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7304-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7310-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7311-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7384-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7384-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7385-1 Linux kernel (IBM) vulnerabilities
Ubuntu USN Ubuntu USN USN-7386-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-7393-1 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7401-1 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7403-1 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-7413-1 Linux kernel (IoT) vulnerabilities
Ubuntu USN Ubuntu USN USN-7468-1 Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN Ubuntu USN USN-7539-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-7540-1 Linux kernel (Raspberry Pi) vulnerabilities
History

Mon, 03 Nov 2025 23:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Fri, 08 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
References

Mon, 28 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 23 Oct 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 21 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code.
Title ocfs2: fix null-ptr-deref when journal load failed.
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T20:42:48.902Z

Reserved: 2024-10-21T12:17:06.048Z

Link: CVE-2024-49957

cve-icon Vulnrichment

Updated: 2025-11-03T22:23:36.709Z

cve-icon NVD

Status : Modified

Published: 2024-10-21T18:15:16.950

Modified: 2025-11-03T23:16:34.040

Link: CVE-2024-49957

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49957 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses