github - ghsa-966p-c3x9-6gp2

ghsa-966p-c3x9-6gp2

Vulnerability from github

Published

2024-07-29 18:30

Modified

2025-10-09 18:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

bcachefs: Fix sb_field_downgrade validation

bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section
for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-41086"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Fix sb_field_downgrade validation\n\n- bch2_sb_downgrade_validate() wasn\u0027t checking for a downgrade entry\n  extending past the end of the superblock section\n\n- for_each_downgrade_entry() is used in to_text() and needs to work on\n  malformed input; it also was missing a check for a field extending\n  past the end of the section",
  "id": "GHSA-966p-c3x9-6gp2",
  "modified": "2025-10-09T18:30:25Z",
  "published": "2024-07-29T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41086"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/692aa7a54b2b28d59f24b3bf8250837805484b99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf920ed92ef24dcd6970c88881cd4700b3acf05b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-41086 (GCVE-0-2024-41086)

Vulnerability from cvelistv5

Published

2024-07-29 15:48

Modified

2025-05-04 09:21

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

References

URL

Tags

	https://git.kernel.org/stable/c/bf920ed92ef24dcd6970c88881cd4700b3acf05b
	https://git.kernel.org/stable/c/692aa7a54b2b28d59f24b3bf8250837805484b99

Impacted products

Vendor

Product

Version

Version: 84f1638795da1ff2084597de4251e9054f1ad728
Version: 84f1638795da1ff2084597de4251e9054f1ad728

Version: 6.7

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf920ed92ef24dcd6970c88881cd4700b3acf05b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/692aa7a54b2b28d59f24b3bf8250837805484b99"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:49.092454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:58.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/bcachefs/sb-downgrade.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bf920ed92ef24dcd6970c88881cd4700b3acf05b",
              "status": "affected",
              "version": "84f1638795da1ff2084597de4251e9054f1ad728",
              "versionType": "git"
            },
            {
              "lessThan": "692aa7a54b2b28d59f24b3bf8250837805484b99",
              "status": "affected",
              "version": "84f1638795da1ff2084597de4251e9054f1ad728",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/bcachefs/sb-downgrade.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Fix sb_field_downgrade validation\n\n- bch2_sb_downgrade_validate() wasn\u0027t checking for a downgrade entry\n  extending past the end of the superblock section\n\n- for_each_downgrade_entry() is used in to_text() and needs to work on\n  malformed input; it also was missing a check for a field extending\n  past the end of the section"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:21:46.571Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bf920ed92ef24dcd6970c88881cd4700b3acf05b"
        },
        {
          "url": "https://git.kernel.org/stable/c/692aa7a54b2b28d59f24b3bf8250837805484b99"
        }
      ],
      "title": "bcachefs: Fix sb_field_downgrade validation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41086",
    "datePublished": "2024-07-29T15:48:02.175Z",
    "dateReserved": "2024-07-12T12:17:45.634Z",
    "dateUpdated": "2025-05-04T09:21:46.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.