In the Linux kernel, the following vulnerability has been resolved:
orangefs: fix out-of-bounds fsid access
Arnd Bergmann sent a patch to fsdevel, he says:
“orangefs_statfs() copies two consecutive fields of the superblock into
the statfs structure, which triggers a warning from the string
fortification
helpers”
Jan Kara suggested an alternate way to do the patch to make it more
readable.
I ran both ideas through xfstests and both seem fine. This patch
is based on Jan Kara’s suggestion.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/53e4efa470d5fc6a96662d2d3322cfc925818517 (6.10-rc1)
git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed
git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715
git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517
git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167
git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047
git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450
git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924
git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5
launchpad.net/bugs/cve/CVE-2024-42143
nvd.nist.gov/vuln/detail/CVE-2024-42143
security-tracker.debian.org/tracker/CVE-2024-42143
www.cve.org/CVERecord?id=CVE-2024-42143