CVE-2024-50088

HIGH 7.8

btrfs: fix uninitialized pointer free in add_inode_ref()

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL, dir = read_one_inode(root, parent_objectid); if (!dir) { ret = -ENOENT; goto out; } inode = read_one_inode(root, inode_objectid); if (!inode) { ret = -EIO; goto out; } then "name.name" would be freed on "out" before being initialized. out: ... kfree(name.name); This issue was reported by Coverity with CID 1526744.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 29, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e < 12cf028381aa19bc38465341512c280256e8d82d e43eec81c5167b655b72c781b0e75e62a05e415e < e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa e43eec81c5167b655b72c781b0e75e62a05e415e < a941f3d5b1469c60a7e70e775584f110b47e0d16 e43eec81c5167b655b72c781b0e75e62a05e415e < 66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4

Linux / Linux

6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/12cf028381aa19bc38465341512c280256e8d82d git.kernel.org: https://git.kernel.org/stable/c/e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa git.kernel.org: https://git.kernel.org/stable/c/a941f3d5b1469c60a7e70e775584f110b47e0d16 git.kernel.org: https://git.kernel.org/stable/c/66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html