Linux Kernel up to 6.1.113/6.6.57/6.11.4 btrfs read_alloc_one_name Name uninitialized pointer

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as problematic. This vulnerability affects the function read_alloc_one_name of the component btrfs. Executing a manipulation of the argument Name can lead to uninitialized pointer.
The identification of this vulnerability is CVE-2024-50087. There is no exploit available.
It is recommended to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as problematic. This vulnerability affects the function read_alloc_one_name of the component btrfs. The manipulation of the argument name with an unknown input leads to a uninitialized pointer vulnerability. The CWE definition for the vulnerability is CWE-824. The product accesses or uses a pointer that has not been initialized. The impact remains unknown. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs").
The advisory is available at git.kernel.org. This vulnerability was named CVE-2024-50087 since 10/21/2024. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 213018 (SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4314-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.1.114, 6.6.58 or 6.11.5 eliminates this vulnerability. Applying the patch b37de9491f14/7fc7c47b9ba0/1ec28de5e476/2ab5e243c226 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (213018), EUVD (EUVD-2024-44728) and CERT Bund (WID-SEC-2024-3289). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Open Source eCryptfs
- NetApp ActiveIQ Unified Manager
- SUSE openSUSE
- RESF Rocky Linux
- IBM QRadar SIEM
Product
Type
Vendor
Name
Version
- 6.1.113
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.6.31
- 6.6.32
- 6.6.33
- 6.6.34
- 6.6.35
- 6.6.36
- 6.6.37
- 6.6.38
- 6.6.39
- 6.6.40
- 6.6.41
- 6.6.42
- 6.6.43
- 6.6.44
- 6.6.45
- 6.6.46
- 6.6.47
- 6.6.48
- 6.6.49
- 6.6.50
- 6.6.51
- 6.6.52
- 6.6.53
- 6.6.54
- 6.6.55
- 6.6.56
- 6.6.57
- 6.11.0
- 6.11.1
- 6.11.2
- 6.11.3
- 6.11.4
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Uninitialized pointerCWE: CWE-824 / CWE-908
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 213018
Nessus Name: SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4314-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.1.114/6.6.58/6.11.5
Patch: b37de9491f14/7fc7c47b9ba0/1ec28de5e476/2ab5e243c226
Timeline
10/21/2024 🔍10/29/2024 🔍
10/29/2024 🔍
10/02/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-50087 (🔍)
GCVE (CVE): GCVE-0-2024-50087
GCVE (VulDB): GCVE-100-282274
EUVD: 🔍
CERT Bund: WID-SEC-2024-3289 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 10/29/2024 07:41Updated: 10/02/2025 00:54
Changes: 10/29/2024 07:41 (59), 12/14/2024 17:28 (2), 08/21/2025 16:23 (7), 10/01/2025 23:33 (11), 10/02/2025 00:54 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.