Lucene search

K
cveLinuxCVE-2024-41016
HistoryJul 29, 2024 - 7:15 a.m.

CVE-2024-41016

2024-07-2907:15:06
Linux
web.nvd.nist.gov
33
linux kernel
ocfs2
xattr
bound check
memcmp
vulnerability
fix

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.4%

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

xattr in ocfs2 maybe ‘non-indexed’, which saved with additional space
requested. It’s better to check if the memory is out of bound before
memcmp, although this possibility mainly comes from crafted poisonous
images.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.06.11
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ocfs2/xattr.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "af77c4fc1871",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ocfs2/xattr.c"
    ],
    "versions": [
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.4%