{"id":"CVE-2024-47699","summary":"nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on.","modified":"2026-04-16T04:32:36.399984348Z","published":"2024-10-21T11:53:35.962Z","related":["SUSE-SU-2024:3984-1","SUSE-SU-2024:3986-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47699.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343"},{"type":"WEB","url":"https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/24bf40740a3da6b4056721da34997ae6938f3da1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2b78e9df10fb7f4e9d3d7a18417dd72fbbc1dfd0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/73d23ecf234b7a6d47fb883f2dabe10e3230b31d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9403001ad65ae4f4c5de368bdda3a0636b51d51a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db73500d3f0e558eb642aae1d4782e7726b4a03f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f68523e0f26faade18833fbef577a4295d8e2c94"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47699.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47699"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"17c76b0104e4a6513983777e1a17e0297a12b0c4"},{"fixed":"2b78e9df10fb7f4e9d3d7a18417dd72fbbc1dfd0"},{"fixed":"1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343"},{"fixed":"24bf40740a3da6b4056721da34997ae6938f3da1"},{"fixed":"73d23ecf234b7a6d47fb883f2dabe10e3230b31d"},{"fixed":"f68523e0f26faade18833fbef577a4295d8e2c94"},{"fixed":"21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34"},{"fixed":"db73500d3f0e558eb642aae1d4782e7726b4a03f"},{"fixed":"3644554d308ddf2669e459a1551a7edf60b2d62b"},{"fixed":"9403001ad65ae4f4c5de368bdda3a0636b51d51a"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47699.json"}}],"schema_version":"1.7.5"}