cve/2024/CVE-2024-26590.md

### [CVE-2024-26590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26590)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=8f89926290c4%3C%2047467e04816c%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:erofs: fix inconsistent per-file compression formatEROFS can select compression algorithms on a per-file basis, and eachper-file compression algorithm needs to be marked in the on-disksuperblock for initialization.However, syzkaller can generate inconsistent crafted images that usean unsupported algorithmtype for specific inodes, e.g. use MicroLZMAalgorithmtype even it's not set in `sbi->available_compr_algs`.  Thiscan lead to an unexpected "BUG: kernel NULL pointer dereference" ifthe corresponding decompressor isn't built-in.Fix this by checking against `sbi->available_compr_algs` for eachm_algorithmformat request.  Incorrect !erofs_sb_has_compr_cfgs presetbitmap is now fixed together since it was harmless previously.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds