CVE-2024-56570
ovl: Filter invalid inodes with missing lookup function
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
ovl: Filter invalid inodes with missing lookup function
Add a check to the ovl_dentry_weird() function to prevent the
processing of directory inodes that lack the lookup function.
This is important because such inodes can cause errors in overlayfs
when passed to the lowerstack.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/065bf5dd21639f80e68450de16bda829784dbb8chttps://git.kernel.org/stable/c/5f86e79c0b2287ffdabe6c1b305a36c4e0f40fe3https://git.kernel.org/stable/c/72014e7745cc8250bb8f27bd78694dfd3f1b5773https://git.kernel.org/stable/c/749eac5a6687ec99116e0691d0d71225254654e3https://git.kernel.org/stable/c/c8b359dddb418c60df1a69beea01d1b3322bfe83https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166https://git.kernel.org/stable/c/ff43d008bbf9b27ada434d6455f039a5ef6cee53https://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.html