CVE-2024-47723

Nov. 8, 2024, 4:15 p.m.

7.1
High

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/0338e66cba272351ca9d7d03f3628e390e70963b
https://git.kernel.org/stable/c/128d5cfdcf844cb690c9295a3a1c1114c21fc15a
https://git.kernel.org/stable/c/5ad6284c8d433f8a213111c5c44ead4d9705b622
https://git.kernel.org/stable/c/6ce8b6ab44a8b5918c0ee373d4ad19d19017931b
https://git.kernel.org/stable/c/96855f40e152989c9e7c20c4691ace5581098acc
https://git.kernel.org/stable/c/c1ba4b8ca799ff1d99d01f37d7ccb7d5ba5533d2
https://git.kernel.org/stable/c/d1017d2a0f3f16dc1db5120e7ddbe7c6680425b0
https://git.kernel.org/stable/c/e63866a475562810500ea7f784099bfe341e761a
https://git.kernel.org/stable/c/ead82533278502428883085a787d5a00f15e5eb9

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-125
2024-10-21
CVE-2024-47723

CVSS Score

7.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 1:15 p.m.
Last Modified: Nov. 8, 2024, 4:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.