csaf_certbund - wid-sec-w-2024-1721

wid-sec-w-2024-1721

Vulnerability from csaf_certbund

Published

2024-07-28 22:00

Modified

2024-12-03 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1721 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1721.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1721 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1721"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41015-e5c0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41017-f367@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41018-3001@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announce vom 2024-07-28",
        "url": "http://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41019-bf1d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-873E2CB5F2 vom 2024-07-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-873e2cb5f2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5747 vom 2024-08-12",
        "url": "https://security-tracker.debian.org/tracker/DSA-5747-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2894-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019182.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2892-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019188.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2901-1 vom 2024-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2939-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019211.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2940-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019212.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2947-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019220.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6297 vom 2024-09-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:6297"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3195-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019407.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3189-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3194-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019400.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3252-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019436.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3251-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019435.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3383-1 vom 2024-09-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019497.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7000"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26",
        "url": "https://linux.oracle.com/errata/ELSA-2024-7000.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30",
        "url": "https://errata.build.resf.org/RLSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5782 vom 2024-10-03",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00195.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-B8B5224019 vom 2024-10-10",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b8b5224019"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12780 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12780.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12782 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12782.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:8318"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8617 vom 2024-10-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:8617"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-1 vom 2024-10-31",
        "url": "https://ubuntu.com/security/notices/USN-7088-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8617 vom 2024-10-31",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8617.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-1 vom 2024-11-01",
        "url": "https://ubuntu.com/security/notices/USN-7089-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7090-1 vom 2024-11-01",
        "url": "https://ubuntu.com/security/notices/USN-7090-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-2 vom 2024-11-04",
        "url": "https://ubuntu.com/security/notices/USN-7089-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-2 vom 2024-11-04",
        "url": "https://ubuntu.com/security/notices/USN-7088-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-3 vom 2024-11-06",
        "url": "https://ubuntu.com/security/notices/USN-7088-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-3 vom 2024-11-07",
        "url": "https://ubuntu.com/security/notices/USN-7089-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7095-1 vom 2024-11-07",
        "url": "https://ubuntu.com/security/notices/USN-7095-1"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:8617 vom 2024-11-08",
        "url": "https://errata.build.resf.org/RLSA-2024:8617"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7100-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7100-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7100-2 vom 2024-11-12",
        "url": "https://ubuntu.com/security/notices/USN-7100-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12814 vom 2024-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12814.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-4 vom 2024-11-13",
        "url": "https://ubuntu.com/security/notices/USN-7089-4"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12815 vom 2024-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12815.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3986-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CIC23R3UQSPF2K4P2CX54TPCX5T7KWQG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3984-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L52VEDNTEHWEPR56WZN4KZNMEUYGCJX6/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-5 vom 2024-11-14",
        "url": "https://ubuntu.com/security/notices/USN-7089-5"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-5 vom 2024-11-14",
        "url": "https://ubuntu.com/security/notices/USN-7088-5"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-6 vom 2024-11-15",
        "url": "https://ubuntu.com/security/notices/USN-7089-6"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7089-7 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7089-7"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7119-1 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7119-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7123-1 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7123-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10262 vom 2024-11-26",
        "url": "https://access.redhat.com/errata/RHSA-2024:10262"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4100-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019864.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10772 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10772"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10773 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10773"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-12-03T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-04T11:17:43.044+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-1721",
      "initial_release_date": "2024-07-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-04T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-11T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2024-09-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-29T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-30T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-10-03T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-10-14T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-23T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-29T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-11-03T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-04T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-05T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-10T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-14T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-19T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-20T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-25T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "36"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T036476",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-41013",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41013"
    },
    {
      "cve": "CVE-2024-41014",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41014"
    },
    {
      "cve": "CVE-2024-41015",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41015"
    },
    {
      "cve": "CVE-2024-41016",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41016"
    },
    {
      "cve": "CVE-2024-41017",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41017"
    },
    {
      "cve": "CVE-2024-41018",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41018"
    },
    {
      "cve": "CVE-2024-41019",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel gibt es mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie xfs, ocfs2 oder jfs und decken eine Vielzahl von Sicherheitsproblemen ab, die haupts\u00e4chlich mit der Speicherverwaltung und der Datenverarbeitung zusammenh\u00e4ngen. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T036476",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2024-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-41019"
    }
  ]
}

cve-2024-41015

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2
	https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0
	https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176
	https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7
	https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114
	https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd
	https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c
	https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59
	https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:46.545116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13d38c00df97289e6fba2e54193959293fd910d2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "564d23cc5b216211e1694d53f7e45959396874d0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "77495e5da5cb110a8fed27b052c77853fe282176",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd65685594ee707cbf3ddf22ebb73697786ac114",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e05a24289db90f76ff606086aadd62d068a88dcd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "624b380074f0dc209fb8706db3295c735079f34c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "edb2e67dd4626b06fd7eb37252d5067912e78d59",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "255547c6bb8940a97eea94ef9d464ea5967763fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don\u0027t stray beyond valid memory region."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:06.167Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176"
        },
        {
          "url": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114"
        },
        {
          "url": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c"
        },
        {
          "url": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59"
        },
        {
          "url": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb"
        }
      ],
      "title": "ocfs2: add bounds checking to ocfs2_check_dir_entry()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41015",
    "datePublished": "2024-07-29T06:37:01.651Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2024-12-19T09:10:06.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41017

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746
	https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5
	https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce
	https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e
	https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8
	https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751
	https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375
	https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73
	https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4

Impacted products

Vendor

Product

Version

▼

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:38.749773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7f91bd0f2941fa36449ce1a15faaa64f840d9746",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7e21574195a45fc193555fa40e99fed16565ff7e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4e034f7e563ab723b93a59980e4a1bb33198ece8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "17440dbc66ab98b410514b04987f61deedb86751",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f4435f476b9bf059cd9e26a69f5b29c768d00375",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dbde7bc91093fa9c2410e418b236b70fde044b73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d0fa70aca54c8643248e89061da23752506ec0d4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don\u0027t walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:08.580Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
        },
        {
          "url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
        }
      ],
      "title": "jfs: don\u0027t walk off the end of ealist",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41017",
    "datePublished": "2024-07-29T06:37:03.390Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2024-12-19T09:10:08.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41013

Vulnerability from cvelistv5

Published

2024-07-29 06:36

Modified

2024-12-27 13:35

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members. In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b
	https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:52.783178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:06.070Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/libxfs/xfs_dir2_data.c",
            "fs/xfs/libxfs/xfs_dir2_priv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ca96d83c93071f95cf962ce92406621a472df31b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0c7fcdb6d06cdf8b19b57c17605215b06afa864a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/libxfs/xfs_dir2_data.c",
            "fs/xfs/libxfs/xfs_dir2_priv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don\u0027t walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don\u0027t stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup-\u003elength to dup-\u003elength-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T13:35:37.721Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a"
        }
      ],
      "title": "xfs: don\u0027t walk off the end of a directory data block",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41013",
    "datePublished": "2024-07-29T06:36:59.930Z",
    "dateReserved": "2024-07-12T12:17:45.611Z",
    "dateUpdated": "2024-12-27T13:35:37.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41018

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

References

▼	URL	Tags
	https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f
	https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd
	https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc
	https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845

Impacted products

Vendor

Product

Version

▼

Linux

Version: e0b64e4ad2eb013fd3299e34e7fe5e19f321e140
Version: 865e7a7700d930d34895a70f8af2eb4e778a5b0e
Version: 865e7a7700d930d34895a70f8af2eb4e778a5b0e
Version: 865e7a7700d930d34895a70f8af2eb4e778a5b0e

Linux

Version: 6.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:35.520516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f3124d51e4e7b56a732419d8dc270e807252334f",
              "status": "affected",
              "version": "e0b64e4ad2eb013fd3299e34e7fe5e19f321e140",
              "versionType": "git"
            },
            {
              "lessThan": "c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            },
            {
              "lessThan": "9b71f820f7168f1eab8378c80c7ea8a022a475bc",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            },
            {
              "lessThan": "702d4930eb06dcfda85a2fa67e8a1a27bfa2a845",
              "status": "affected",
              "version": "865e7a7700d930d34895a70f8af2eb4e778a5b0e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add a check for attr_names and oatbl\n\nAdded out-of-bound checking for *ane (ATTR_NAME_ENTRY)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:09.819Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845"
        }
      ],
      "title": "fs/ntfs3: Add a check for attr_names and oatbl",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41018",
    "datePublished": "2024-07-29T06:37:04.372Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2024-12-19T09:10:09.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41016

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090
	https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f
	https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637
	https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e
	https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180
	https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e
	https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa
	https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262

Impacted products

Vendor

Product

Version

▼

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:43.120825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e8f9c4af7af7e9e4cd09c0251c7936593147419f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "57a3d89831fcaa2cdbe024b47c7c36d5a56c3637",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c031d286eceb82f72f8623b7f4abd2aa491bfb5e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cfb926051fab19b10d1e65976211f364aa820180",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c726dea9d0c806d64c26fcef483b1fb9474d8c5e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e4ffea01adf3323c821b6f37e9577d2d400adbaa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "af77c4fc1871847b528d58b7fdafb4aa1f6a9262",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested.  It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:07.327Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f"
        },
        {
          "url": "https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637"
        },
        {
          "url": "https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180"
        },
        {
          "url": "https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
        }
      ],
      "title": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41016",
    "datePublished": "2024-07-29T06:37:02.530Z",
    "dateReserved": "2024-07-12T12:17:45.612Z",
    "dateUpdated": "2024-12-19T09:10:07.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41014

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143
	https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1
	https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:49.673152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d1e3efe783365db59da88f08a2e0bfe1cc95b143",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fb63435b7c7dc112b1ae1baea5486e0a6e27b196",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header-\u003eh_size\n    5) xlog_rec_header-\u003eh_num_logops++\n    6) Modify xlog_rec_header-\u003eh_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:04.997Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
        }
      ],
      "title": "xfs: add bounds checking to xlog_recover_process_data",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41014",
    "datePublished": "2024-07-29T06:37:00.826Z",
    "dateReserved": "2024-07-12T12:17:45.611Z",
    "dateUpdated": "2024-12-19T09:10:04.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41019

Vulnerability from cvelistv5

Published

2024-07-29 06:37

Modified

2024-12-19 09:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff without any check. If the second ff is a large offset. We may encounter an out-of-bound read.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0
	https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440
	https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a
	https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319
	https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4
	https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06

Impacted products

Vendor

Product

Version

▼

Linux

Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Version: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e

Linux

Version: 5.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:32.092884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "818a257428644b8873e79c44404d8fb6598d4440",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "6ae7265a7b816879fd0203e83b5030d3720bbb7a",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "82c94e6a7bd116724738aa67eba6f5fedf3a3319",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "617cf144c206f98978ec730b17159344fd147cb4",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "50c47879650b4c97836a0086632b3a2e300b0f06",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/fslog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate ff offset\n\nThis adds sanity checks for ff offset. There is a check\non rt-\u003efirst_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:11.058Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319"
        },
        {
          "url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06"
        }
      ],
      "title": "fs/ntfs3: Validate ff offset",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41019",
    "datePublished": "2024-07-29T06:37:05.300Z",
    "dateReserved": "2024-07-12T12:17:45.613Z",
    "dateUpdated": "2024-12-19T09:10:11.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature