VYPR
Medium severity5.5NVD Advisory· Published Jul 12, 2024· Updated Jun 17, 2026

CVE-2024-40971

CVE-2024-40971

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: remove clear SB_INLINECRYPT flag in default_options

In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.

Thread A: Thread B:

-f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag

-fscrypt_select_encryption_impl

-parse_options <- set SB_INLINECRYPT again

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=3.8,<5.10.221
    • (no CPE)
    • (no CPE)range: 3.8
  • Linux/f2fsllm-fuzzy

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.