CVE-2024-47757 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries.
This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.
Analysis
by VulDB Data Team • 01/19/2026
The vulnerability identified as CVE-2024-47757 resides in the Linux kernel's nilfs2 file system implementation, specifically in the nilfs_btree_check_delete() function, which performs checks before b-tree entries are deleted. The flaw is a potential out-of-bounds read that could compromise system stability and security. It manifests when the function attempts to retrieve the maximum key from a b-tree root node that contains no entries, causing a memory access beyond the boundaries of the block buffer. Out-of-bounds memory access of this kind is a classic vulnerability pattern that can lead to information disclosure, system crashes, or potentially more severe exploitation scenarios.
The flaw lies in the nilfs2 file system's b-tree management, where the nilfs_btree_check_delete() function performs validation checks before deleting b-tree entries. When the root node of a b-tree has zero child nodes, the function accesses memory beyond the valid buffer boundaries while trying to retrieve the maximum key value. This condition does not occur during normal file system operation, since the mkfs.nilfs2 utility and nilfs2 itself do not create b-tree mappings with zero child nodes. However, the vulnerability becomes exploitable when corrupted or maliciously configured b-tree root nodes are read from a device, bypassing the constraints that normal file system creation enforces.
The operational impact of this vulnerability extends beyond simple system instability to security implications for Linux kernel environments. An attacker who can manipulate or corrupt b-tree structures on a nilfs2 file system could trigger the out-of-bounds read, leading to information leakage from kernel memory or to system crashes that could be exploited for denial-of-service attacks. The vulnerability affects systems running Linux kernels with nilfs2 file system support, particularly those that might encounter corrupted or modified file system structures. This type of vulnerability aligns with CWE-125 (Out-of-bounds Read) and could map to ATT&CK techniques involving privilege escalation through kernel memory corruption or system stability compromise.
The fix implemented addresses this vulnerability by adding a specific check for the edge case where b-tree root nodes contain no entries. This defensive programming approach prevents the function from attempting memory access beyond valid buffer boundaries when encountering empty root nodes. The solution ensures that the nilfs_btree_check_delete() function properly validates the b-tree structure before attempting to access key values, thereby preventing the out-of-bounds read condition. This mitigation strategy follows established security practices for preventing memory safety issues in kernel code and aligns with the principle of input validation and boundary checking that forms the foundation of secure systems programming. The fix maintains backward compatibility while strengthening the file system's resilience against corrupted data structures that could otherwise lead to kernel memory access violations.
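The missing check and the guard described above, shown on a simplified user-space model as an added example; this is not the kernel's nilfs2 code or the upstream patch. The struct, function names, capacity, threshold and the upper-bound guard are assumptions made for illustration, and the model only computes the index an unchecked lookup would use instead of performing that read.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_KEYS_MAX  4   /* constructed capacity, not a nilfs2 constant */
#define MODEL_LARGE_LOW 7   /* constructed "small enough for direct mapping" bound */

/* Simplified stand-in for a root node; nchildren is read from the device. */
struct model_node {
    uint16_t nchildren;
    uint64_t keys[MODEL_KEYS_MAX];
};

/* Constructed samples: an empty root, a normal root, a root with an oversized count. */
static const struct model_node empty_root  = { 0, { 0 } };
static const struct model_node normal_root = { 2, { 3, 10 } };
static const struct model_node bogus_root  = { 9, { 1, 2, 3, 4 } };

/* Index an unchecked lookup of the maximum key would use.
 * For nchildren == 0 this is -1: a read in front of keys[0]. */
static long model_maxkey_index(const struct model_node *n)
{
    return (long)n->nchildren - 1;
}

/* Checked variant: 1 if deleting `key` leaves only small keys, else 0.
 * It refuses to index keys[] unless the count fits the buffer. */
static int model_check_delete(const struct model_node *n, uint64_t key)
{
    uint64_t maxkey, nextmaxkey;

    if (n->nchildren == 0)               /* the case the fix adds a check for */
        return 0;
    if (n->nchildren > MODEL_KEYS_MAX)   /* extra guard added in this model */
        return 0;
    maxkey = n->keys[n->nchildren - 1];
    nextmaxkey = n->nchildren > 1 ? n->keys[n->nchildren - 2] : 0;
    return maxkey == key && nextmaxkey < MODEL_LARGE_LOW;
}

int main(void)
{
    printf("empty root: unchecked index %ld, checked result %d\n",
           model_maxkey_index(&empty_root), model_check_delete(&empty_root, 0));
    printf("normal root, delete 10: %d\n", model_check_delete(&normal_root, 10));
    printf("bogus root, delete 4: %d\n", model_check_delete(&bogus_root, 4));
    return 0;
}
```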