CVE-2024-47757: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47757 affects the Linux kernel's nilfs2 filesystem component, specifically in the nilfs_btree_check_delete() function. The vulnerability was discovered on September 4, 2024, and publicly disclosed on October 21, 2024. The issue affects Linux kernel versions from 2.6.30 up to versions before 5.10.227, 5.15.168, 6.1.113, and 6.6.54. This vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) (NVD).

The vulnerability is an out-of-bounds read issue in the nilfs_btree_check_delete() function, which checks whether degeneration to direct mapping occurs before deleting a b-tree entry. The function causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. While this condition doesn't typically occur because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself, it can happen if the b-tree root node read from a device is configured that way (Kernel Patch).

The vulnerability could lead to an out-of-bounds read condition in the Linux kernel's nilfs2 filesystem component. This could potentially result in information disclosure or system crashes when accessing specially crafted nilfs2 filesystems (NVD).

The vulnerability has been fixed in multiple Linux kernel versions. Updates are available in versions 5.10.227, 5.15.168, 6.1.113, and 6.6.54 and later. The fix involves adding a check for the case where the root node has no entries before attempting to access the maximum key (Kernel Patch).