Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-26791
HistoryApr 04, 2024 - 12:00 a.m.

CVE-2024-26791

2024-04-0400:00:00
ubuntu.com
ubuntu.com
14
linux kernel
vulnerability
btrfs
device names
validation
syzbot
out of bounds
getname_kernel
buffer initialization
edward adam davis
security fix

AI Score

7.6

Confidence

High

EPSS

0

Percentile

13.0%

In the Linux kernel, the following vulnerability has been resolved: btrfs:
dev-replace: properly validate device names There’s a syzbot report that
device name buffers passed to device replace are not properly checked for
string termination which could lead to a read out of bounds in
getname_kernel(). Add a helper that validates both source and target device
name buffers. For devid as the source initialize the buffer to empty string
in case something tries to read it later. This was originally analyzed and
fixed in a different way by Edward Adam Davis (see links).

Rows per page:
1-10 of 521

References

AI Score

7.6

Confidence

High

EPSS

0

Percentile

13.0%