{
  "threat_severity" : "Moderate",
  "public_date" : "2024-08-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown",
    "id" : "2307871",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2307871"
  },
  "cvss3" : {
    "cvss3_base_score" : "0.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "[REJECTED CVE] A NULL pointer dereference vulnerability has been identified in the Linux Kernel's ext4 filesystem. The issue occurs during concurrent write operations with inline data, where an ext4_force_shutdown is triggered due to inconsistencies like \"block bitmap and bg descriptor inconsistent.\" This shutdown disrupts inline data handling, failing to restore the EXT4_STATE_MAY_INLINE_DATA flag. As a result, subsequent operations, such as in ext4_da_write_end, may attempt to dereference an unset page folio private pointer, leading to potential kernel crashes." ],
  "statement" : "This CVE has been rejected upstream:\nhttps://lore.kernel.org/linux-cve-announce/2024091044-REJECTED-8d12@gregkh/T/\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-43898\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43898\nhttps://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T" ],
  "name" : "CVE-2024-43898",
  "csaw" : false
}