CVE-2024-39472
CVSS v3.1
5.5 (Medium)
EPSS
0.04 % (5th)
Affected Products
1
Advisories
11
NVD Status
Modified
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix log recovery buffer allocation for the legacy h_size fixup
Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
mkfs") added a fixup for incorrect h_size values used for the initial
umount record in old xfsprogs versions. Later commit 0c771b99d6c9
("xfs: clean up calculation of LR header blocks") cleaned up the log
reover buffer calculation, but stoped using the fixed up h_size value
to size the log recovery buffer, which can lead to an out of bounds
access when the incorrect h_size does not come from the old mkfs
tool, but a fuzzer.
Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
into account for this calculation.
Weaknesses
- CWE-770
- Allocation of Resources Without Limits or Throttling
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- kernel.org
- Published Date
-
2024-07-05 07:15:10
(2 months ago) - Updated Date
-
2024-08-19 05:15:06
(4 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...