Lucene search

Redhat.comRH:CVE-2024-42257

HistoryAug 09, 2024 - 10:19 a.m.

CVE-2024-42257

2024-08-0910:19:01

redhat.com

access.redhat.com

linux kernel

vulnerability

cve-2024-42257

ext4

s_volume_name

nul terminated

memtostr_pad

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 (“ext4: add nonstring annotations to ext4.h”). Using strscpy() isn’t the right replacement for strncpy(); it should use memtostr_pad() instead.

References

bugzilla.redhat.com/show_bug.cgi?id=2303638

lore.kernel.org/linux-cve-announce/2024080839-CVE-2024-42257-8823@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2024-42257

www.cve.org/CVERecord?id=CVE-2024-42257

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.5%

JSON

Related for RH:CVE-2024-42257