Linux Distros Unpatched Vulnerability : CVE-2024-40972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problemati...

kernel: ext4: set goal start correctly in ext4_mb_normalize_request

A flaw was found in the Linux kernel's ext4 filesystem block allocator. In ext4mbnormalizerequest, the goal start was being set incorrectly acfex instead of acgex, and boundary validation was missing. Without proper range checking, an underflow in ar-pright - size could pass an invalid value to...