{"id":"CVE-2024-42304","summary":"ext4: make sure the first directory block is not a hole","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n ext4_mknod\n ...\n ext4_add_entry\n // Read block 0\n ext4_read_dirblock(dir, block, DIRENT)\n bh = ext4_bread(NULL, inode, block, 0)\n if (!bh && (type == INDEX || type == DIRENT_HTREE))\n // The first directory block is a hole\n // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.","modified":"2026-04-02T12:17:56.554060Z","published":"2024-08-17T09:09:10.545Z","related":["MGASA-2024-0309","MGASA-2024-0310","SUSE-SU-2024:3551-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42304.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42304.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42304"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3a17ca864baffc0c6f6e8aad525aa4365775a193"},{"fixed":"d81d7e347d1f1f48a5634607d39eb90c161c8afe"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4e19d6b65fb4fc42e352ce9883649e049da14743"},{"fixed":"e02f9941e8c011aa3eafa799def6a134ce06bcfa"},{"fixed":"de2a011a13a46468a6e8259db58b1b62071fe136"},{"fixed":"9771e3d8365ae1dd5e8846a204cb9af14e3e656a"},{"fixed":"b609753cbbd38f8c0affd4956c0af178348523ac"},{"fixed":"c3893d9de8ee153baac56d127d844103488133b5"},{"fixed":"299bc6ffa57e04e74c6cce866d6c0741fb4897a1"},{"fixed":"f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"3f0307b0d2d8b333a6964fc4c820dc86896fd1cf"},{"last_affected":"514631c2225c1fd556c799cc1893fb27b0f48f00"},{"last_affected":"7f1f86276515f6816a98f6ca3ef99c827d54642f"},{"last_affected":"5021b7a5bdd6bb859eb648c3da71cdd6aae1d133"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42304.json"}}],"schema_version":"1.7.5"}