vulnerability
Amazon Linux AMI 2: CVE-2024-39469: Security patch for kernel (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:S/C:N/I:C/A:C) | Jun 25, 2024 | May 21, 2025 | May 20, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
The error handling in nilfs_empty_dir() when a directory folio/page read
fails is incorrect, as in the old ext2 implementation, and if the
folio/page cannot be read or nilfs_check_folio() fails, it will falsely
determine the directory as empty and corrupt the file system.
In addition, since nilfs_empty_dir() does not immediately return on a
failed folio/page read, but continues to loop, this can cause a long loop
with I/O if i_size of the directory's inode is also corrupted, causing the
log writer thread to wait and hang, as reported by syzbot.
Fix these issues by making nilfs_empty_dir() immediately return a false
value (0) if it fails to get a directory folio/page.
Solutions
References
- AMAZON-AL2/ALAS-2024-2622
- AMAZON-AL2/ALAS-2026-3165
- AMAZON-AL2/ALAS2KERNEL-5.10-2024-066
- AMAZON-AL2/ALAS2KERNEL-5.4-2024-084
- AMAZON-AL2/ALASKERNEL-5.10-2024-066
- AMAZON-AL2/ALASKERNEL-5.4-2024-084
- CVE-2024-39469
- https://attackerkb.com/topics/CVE-2024-39469
- EUVD-EUVD-2024-37994
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-37994
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.