CVE-2024-49881: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49881 is a vulnerability in the Linux kernel's ext4 filesystem implementation, discovered in October 2024. The issue occurs in the ext4findextent() function where if the path is not big enough, it frees the path and sets orig_path to NULL, but after reallocating and successfully initializing the path, it doesn't update orig_path. This results in a situation where the caller gets a valid path but a NULL ppath (NVD).

The vulnerability is caused by a NULL pointer dereference in the ext4 filesystem code. When ext4findextent() reallocates memory for a path that's not big enough, it fails to update the original path pointer, leading to potential NULL pointer dereference or memory leaks. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability affects Linux kernel versions from 3.18 up to versions before 5.10.227, 5.15.168, 6.1.113, 6.6.55, and 6.11.3 (NVD).

The vulnerability can lead to a NULL pointer dereference or a path memory leak in the affected systems. When exploited, it can cause a denial of service through system crash, as demonstrated by a NULL pointer dereference occurring in the ext4splitextent_at function (Kernel Patch).

The vulnerability has been fixed in multiple Linux kernel versions through patches that properly update the orig_path pointer after successful path reallocation. The fix has been backported to various stable kernel versions. Users should update their Linux kernel to versions 5.10.227 or later, 5.15.168 or later, 6.1.113 or later, 6.6.55 or later, or 6.11.3 or later (Ubuntu Security).