CVE-2024-50088

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50088
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50088.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50088
Downstream
Related
Published
2024-10-29T00:50:31.362Z
Modified
2025-11-20T06:47:09.634202Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
btrfs: fix uninitialized pointer free in add_inode_ref()
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix uninitialized pointer free in addinoderef()

The addinoderef() function does not initialize the "name" struct when it is declared. If any of the following calls to "readoneinode() returns NULL,

dir = read_one_inode(root, parent_objectid);
if (!dir) {
    ret = -ENOENT;
    goto out;
}

inode = read_one_inode(root, inode_objectid);
if (!inode) {
    ret = -EIO;
    goto out;
}

then "name.name" would be freed on "out" before being initialized.

out: ... kfree(name.name);

This issue was reported by Coverity with CID 1526744.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e
Fixed
12cf028381aa19bc38465341512c280256e8d82d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e43eec81c5167b655b72c781b0e75e62a05e415e
Fixed
e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e43eec81c5167b655b72c781b0e75e62a05e415e
Fixed
a941f3d5b1469c60a7e70e775584f110b47e0d16
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e43eec81c5167b655b72c781b0e75e62a05e415e
Fixed
66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4

Affected versions

v6.*

v6.1
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.57
v6.1.58
v6.1.59
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1980.0,
            "function_hash": "160743591431131992993525088401481375941"
        },
        "id": "CVE-2024-50088-7675e98c",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a941f3d5b1469c60a7e70e775584f110b47e0d16",
        "target": {
            "file": "fs/btrfs/tree-log.c",
            "function": "add_inode_ref"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208376436273443476898824877031549214793",
                "45527007565653637558889049102743100190",
                "5372683035419283316579817973645690830",
                "294129945062263526506395651423338477910"
            ]
        },
        "id": "CVE-2024-50088-78c7f5cd",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12cf028381aa19bc38465341512c280256e8d82d",
        "target": {
            "file": "fs/btrfs/tree-log.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1988.0,
            "function_hash": "45628406907262658994080691562875153922"
        },
        "id": "CVE-2024-50088-c22c5426",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12cf028381aa19bc38465341512c280256e8d82d",
        "target": {
            "file": "fs/btrfs/tree-log.c",
            "function": "add_inode_ref"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208376436273443476898824877031549214793",
                "45527007565653637558889049102743100190",
                "5372683035419283316579817973645690830",
                "294129945062263526506395651423338477910"
            ]
        },
        "id": "CVE-2024-50088-e4cb4239",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa",
        "target": {
            "file": "fs/btrfs/tree-log.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208376436273443476898824877031549214793",
                "45527007565653637558889049102743100190",
                "5372683035419283316579817973645690830",
                "294129945062263526506395651423338477910"
            ]
        },
        "id": "CVE-2024-50088-f2282843",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a941f3d5b1469c60a7e70e775584f110b47e0d16",
        "target": {
            "file": "fs/btrfs/tree-log.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1988.0,
            "function_hash": "45628406907262658994080691562875153922"
        },
        "id": "CVE-2024-50088-f90df6b3",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa",
        "target": {
            "file": "fs/btrfs/tree-log.c",
            "function": "add_inode_ref"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.114
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.58
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.11.5