NVD Vulnerability Detail

CVE-2024-49959

Summary	In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space right away, we try other branches, and if j_committing_transaction is NULL (i.e., the tid is 0), we will get the following complain: ============================================ JBD2: I/O error when updating journal superblock for sdd-8. __jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available __jbd2_log_wait_for_space: no way to get more journal space in sdd-8 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0 Modules linked in: CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1 RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0 Call Trace: <TASK> add_transaction_credits+0x5d1/0x5e0 start_this_handle+0x1ef/0x6a0 jbd2__journal_start+0x18b/0x340 ext4_dirty_inode+0x5d/0xb0 __mark_inode_dirty+0xe4/0x5d0 generic_update_time+0x60/0x70 [...] ============================================ So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to clean up at the moment, continue to try to reclaim free space in other ways. Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt when updating journal superblock fails") to make jbd2_cleanup_journal_tail return the correct error code.
Publication Date	Oct. 22, 2024, 3:15 a.m.
Registration Date	Oct. 22, 2024, 12:02 p.m.
Last Update	Nov. 9, 2024, 1:15 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.113
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.168
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.10.14
cpe:2.3:o:linux:linux_kernel::::::::	6.11			6.11.3
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.55
cpe:2.3:o:linux:linux_kernel::::::::	2.6.28			5.10.227

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed	Patch
2	https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a	Patch
3	https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019	Patch
4	https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5	Patch
5	https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138	Patch
6	https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913	Patch
7	https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a	Patch
8	https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e
9	https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 26, 2024, midnight
Registration Date	Nov. 8, 2024, 12:33 p.m.
Last Update	Aug. 20, 2025, 5:39 p.m.

Affected System

Linux

Linux Kernel 2.6.28 以上 5.10.227 未満

Linux Kernel 5.11 以上 5.15.168 未満

Linux Kernel 5.16 以上 6.1.113 未満

Linux Kernel 6.11 以上 6.11.3 未満

Linux Kernel 6.2 以上 6.6.55 未満

Linux Kernel 6.7 以上 6.10.14 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-49959	https://www.cve.org/CVERecord?id=CVE-2024-49959
National Vulnerability Database (NVD)
2	CVE-2024-49959	https://nvd.nist.gov/vuln/detail/CVE-2024-49959

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (1c62dc0)	https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5
2	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (3ced0fe)	https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138
3	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (481e8f1)	https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed
4	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (70bae48)	https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019
5	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (c6bf043)	https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913
6	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (ec7f833)	https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a
7	jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (f5cacdc)	https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a
Linux Kernel
8	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/index.html

Change Log

No	Changed Details	Date of change
1	[2024年11月08日] 掲載	Nov. 8, 2024, 10:11 a.m.
2	[2025年08月20日] 参考情報：JVN (JVNVU#92169998) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-226-07) を追加	Aug. 20, 2025, 5:37 p.m.