CVE-2024-49875: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49875 affects the Linux kernel's Network File System (NFS) server daemon, specifically related to error handling in the ext4 filesystem. The vulnerability was discovered on October 21, 2024, and received an initial analysis by NIST on October 24, 2024. The issue affects multiple versions of the Linux kernel, including versions up to 5.10.227, 5.11 to 5.15.168, 5.16 to 6.1.113, 6.2 to 6.6.55, and 6.7 to 6.10.14 (NVD).

The vulnerability occurs when ext4 throws an -EBADMSG error through ext4_readdir during checksum error verification. This results in improper error mapping in the NFS server daemon, causing a warning message to be generated. The issue specifically manifests in the nfserrno function when handling the -EBADMSG (-74) error code. The CVSS v3.1 base score is 5.5 (MEDIUM) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability can result in system warnings when accessing directories through NFS on ext4 filesystems with checksum verification enabled. While primarily affecting system logging and error handling, it represents an improper validation of integrity check values (NVD).

The issue has been fixed by mapping the EBADMSG error to nfserr_io in the Linux kernel. The fix involves adding a new error mapping entry in the nfserrno function. System administrators should update their Linux kernel to the latest patched version. For Ubuntu users, specific package updates are available for various versions including Ubuntu 20.04 LTS and 22.04 LTS (Ubuntu Notice).