CVE-2024-49968: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49968 affects the Linux kernel's ext4 filesystem implementation. The vulnerability was discovered when attempting to mount ext4 filesystems with DXHASHSIPHASH as the default hash version but without the casefold feature enabled. This issue affects Linux kernel versions up to (excluding) 6.11.3 (NVD).

The vulnerability exists in the ext4 filesystem mounting mechanism. When the default hash version is set to DXHASHSIPHASH but the casefold feature is not set, the system should prevent the mounting operation. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a denial of service condition when attempting to mount affected ext4 filesystems. This could potentially cause system instability or crashes when trying to mount filesystems with incompatible feature combinations (Kernel Patch).

The issue has been fixed in the Linux kernel through a patch that adds a validation check during the filesystem mounting process. The fix prevents mounting ext4 filesystems when DXHASHSIPHASH is set as the default hash version without the casefold feature enabled. Systems should be updated to Linux kernel version 6.11.3 or later to address this vulnerability (Kernel Patch).