What is CVE-2024-49958?

CVE-2024-49958 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 3.0.87 onward and patched in 4.19.323, 5.4.285, 5.10.227 and others. CVE-2024-49958 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-49958?

CVE-2024-49958 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-49958?

Yes, CVE-2024-49958 has been patched. Fixed versions include 4.19.323, 5.4.285, 5.10.227 and others. If you are running Linux kernel 3.0.87 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-49958 actively exploited?

CVE-2024-49958 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-49958

Medium

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case up to 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix.

Package Linux Kernel

Published 2024-10-21

Last modified 2025-11-03

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 3.0.87, 3.2.49, 3.4.54, 3.9.11, 3.10.2, 3.11 and later are affected. Fixed in 4.19.323, 5.4.285, 5.10.227, 5.15.168, 6.1.113, 6.6.55, 6.10.14, 6.11.3, 6.12 and their respective stable series.

Affected from

≥ 3.0.87 ≥ 3.2.49 ≥ 3.4.54 ≥ 3.9.11 ≥ 3.10.2 ≥ 3.11

Fixed in

✓ 4.19.323 4.19.x ✓ 5.4.285 5.4.x ✓ 5.10.227 5.10.x ✓ 5.15.168 5.15.x ✓ 6.1.113 6.1.x ✓ 6.6.55 6.6.x ✓ 6.10.14 6.10.x ✓ 6.11.3 6.11.x ✓ 6.12

References

The following references provide additional information about CVE-2024-49958 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Kernel patch commit
https://git.kernel.org/stable/c/020f5c53c17f66c0a8f2d37dad27ace301b8d8a1
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5c2072f02c0d75802ec28ec703b7d43a0dd008b5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5c9807c523b4fca81d3e8e864dabc8c806402121
Patch

9 patch commits total View all on NVD

Details

CVE ID CVE-2024-49958

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-10-21

Modified 2025-11-03

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-49958?

CVE-2024-49958 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 3.0.87 onward and has been patched in 4.19.323, 5.4.285, 5.10.227 and others. CVE-2024-49958 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-49958?

CVE-2024-49958 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-49958?

Yes — CVE-2024-49958 has been patched. Fixed versions include 4.19.323, 5.4.285, 5.10.227 and others. If you are running Linux kernel 3.0.87 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-49958 actively exploited?

No — CVE-2024-49958 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.