CVE-2024-50243: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50243 is a vulnerability in the Linux kernel's NTFS3 filesystem implementation, specifically affecting the handling of non-resident attributes in ntfscreateinode() rollback functionality. The vulnerability was discovered and reported by syzkaller, Google's automated kernel fuzzing tool, and was publicly disclosed on November 9, 2024 (NVD).

The vulnerability manifests as a general protection fault in the runismappedfull function within the NTFS3 filesystem code. The issue occurs during the deletion of a non-resident attribute in ntfscreate_inode() rollback process. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a general protection fault in the Linux kernel when handling NTFS3 filesystem operations. This could potentially result in system crashes or denial of service conditions. The vulnerability requires local access and can only be triggered when creating an inode on a corrupted and mounted NTFS filesystem (Ubuntu).

The vulnerability has been fixed in the Linux kernel through a patch that properly initializes and handles the runs_tree structure during the deletion of non-resident attributes. The fix has been backported to various stable kernel versions. Users should update their Linux kernel to a patched version. For Ubuntu users, fixes are available in version 6.11.0-18.18 for 24.10 (Oracular) and other affected versions (Kernel Patch).