
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-50116 affects the Linux kernel's NILFS2 filesystem component. The vulnerability was discovered by Syzbot and reported on November 5, 2024. The issue occurs when NILFS2 reads a corrupted file system image and degrades to read-only mode, where a BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug (NVD).
The vulnerability stems from a missing buffer delay flag clearing operation when clearing buffer state flags to discard a page/folio or buffer head. This state inconsistency became problematic after the expansion of NILFS2's own page clear routine. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability can cause a kernel bug when the filesystem is in a read-only state after encountering corruption. The issue specifically affects the buffer management system of the NILFS2 filesystem, potentially leading to system instability (NVD).
The issue has been fixed in the Linux kernel through a patch that properly clears the buffer delay flag when clearing buffer state flags. The fix has been backported to multiple stable kernel versions, including 3.10 through 6.11.6 (NVD).
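The following is a simplified userspace model of the state inconsistency described above. It is an added illustration, not code from the kernel or from the patch. The struct, the bit values, the two masks and the helper names are assumptions; only the delay flag and the check in submit_bh_wbc() come from the text.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative state bits for a modelled buffer head (values are arbitrary). */
enum {
    MODEL_UPTODATE = 1u << 0,
    MODEL_DIRTY    = 1u << 1,
    MODEL_MAPPED   = 1u << 2,
    MODEL_DELAY    = 1u << 3   /* the "buffer delay flag" from the advisory */
};

/* Mask used when discarding a buffer: without and with the delay bit. */
#define CLEAR_MASK_BEFORE (MODEL_UPTODATE | MODEL_DIRTY | MODEL_MAPPED)
#define CLEAR_MASK_AFTER  (CLEAR_MASK_BEFORE | MODEL_DELAY)

struct model_bh {
    unsigned int state;
};

/* Models clearing buffer state flags to discard a page/folio or buffer head. */
static void discard_buffer(struct model_bh *bh, unsigned int clear_mask)
{
    bh->state &= ~clear_mask;
}

/* Stand-in for the delay-flag BUG_ON in submit_bh_wbc():
 * returns false where the kernel check would fire. */
static bool submit_precondition_ok(const struct model_bh *bh)
{
    return (bh->state & MODEL_DELAY) == 0;
}

/* Constructed scenario: a buffer carrying the delay bit is discarded,
 * then mapped again and handed to the submit path. */
static bool discard_then_submit(unsigned int clear_mask)
{
    struct model_bh bh = { MODEL_UPTODATE | MODEL_DIRTY | MODEL_MAPPED | MODEL_DELAY };

    discard_buffer(&bh, clear_mask);
    bh.state |= MODEL_MAPPED;
    return submit_precondition_ok(&bh);
}

int main(void)
{
    printf("mask without delay bit: submit check %s\n",
           discard_then_submit(CLEAR_MASK_BEFORE) ? "passes" : "would BUG");
    printf("mask with delay bit:    submit check %s\n",
           discard_then_submit(CLEAR_MASK_AFTER) ? "passes" : "would BUG");
    return 0;
}
```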
Source: This report was generated using AI