Lucene search

GoogleOSV:CVE-2024-43857

HistoryAug 17, 2024 - 10:15 a.m.

CVE-2024-43857

2024-08-1710:15:10

Google

osv.dev

linux kernel

f2fs

null reference error

end of zone

mounted

single device

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix null reference error when checking end of zone

This patch fixes a potentially null pointer being accessed by
is_end_zone_blkaddr() that checks the last block of a zone
when f2fs is mounted as a single device.

References

git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb

git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38

security-tracker.debian.org/tracker/CVE-2024-43857

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

Related for OSV:CVE-2024-43857