CVE-2024-47757

Nov. 8, 2024, 4:15 p.m.

7.1
High

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2
https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd
https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0
https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf
https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27
https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58
https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8
https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129
https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-125
2024-10-21
CVE-2024-47757

CVSS Score

7.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 1:15 p.m.
Last Modified: Nov. 8, 2024, 4:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.