{"id":"CVE-2024-53235","summary":"erofs: fix file-backed mounts over FUSE","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix file-backed mounts over FUSE\n\nsyzbot reported a null-ptr-deref in fuse_read_args_fill:\n fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905\n filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367\n do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825\n read_mapping_folio include/linux/pagemap.h:1011 [inline]\n erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41\n erofs_read_superblock fs/erofs/super.c:281 [inline]\n erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625\n\nUnlike most filesystems, some network filesystems and FUSE need\nunavoidable valid `file` pointers for their read I/Os [1].\nAnyway, those use cases need to be supported too.\n\n[1] https://docs.kernel.org/filesystems/vfs.html","modified":"2026-03-20T12:40:50.440750Z","published":"2024-12-27T13:50:21.674Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53235.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53235.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53235"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fb176750266a3d7f42ebdcf28e8ba40350b27847"},{"fixed":"5036f2f024cac40a02ea6ea70de2c3a4407d16bc"},{"fixed":"3a23787ca8756920d65fda39f41353a4be1d1642"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53235.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}