Login Sign Up

CVE-2024-50230

7.8 HIGH
Denial of Service

📋 TL;DR

A Linux kernel vulnerability in the nilfs2 filesystem where a missing flag clearing causes directory operations to skip sanity checks after filesystem corruption. This can trigger a kernel bug (BUG_ON) leading to system crashes. Affects systems using the nilfs2 filesystem with Linux kernel versions containing the bug.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the bug before fixes were applied (check git commits for exact ranges).
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if nilfs2 filesystem is in use and experiences corruption that triggers read-only mode.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash/kernel panic leading to denial of service, potentially requiring physical access to reboot.

🟠

Likely Case

System instability or crash when nilfs2 filesystem corruption occurs during directory operations.

🟢

If Mitigated

Minimal impact if nilfs2 is not used or filesystem remains uncorrupted.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific conditions.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the bug if using nilfs2.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires specific filesystem conditions and local access; discovered via syzbot fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 41e192ad2779cae0102879612dfe46726e4396aa and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/41e192ad2779cae0102879612dfe46726e4396aa

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid nilfs2 usage

linux

Do not use nilfs2 filesystem for critical systems

Mount nilfs2 as read-only

linux

Prevent write operations that could trigger the bug

mount -o remount,ro /dev/nilfs2_device /mount_point

🧯 If You Can't Patch

  • Monitor system logs for nilfs2 corruption warnings
  • Implement filesystem integrity checks and backups

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if nilfs2 filesystems are mounted: uname -r && mount | grep nilfs2

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and test nilfs2 operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel BUG_ON messages
  • nilfs2 corruption warnings in dmesg
  • System crash logs

SIEM Query:

source="kernel" AND ("nilfs2" OR "BUG_ON")

📊 Metadata

CVE ID: CVE-2024-50230
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: November 9, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50230, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)