CVE-2024-39482

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 14

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

bcache: fix variable length array abuse in btree_iter

btree_iter is used in two ways: either allocated on the stack with a
fixed size MAX_BSETS, or from a mempool with a dynamic size based on the
specific cache set. Previously, the struct had a fixed-length array of
size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized
iterators, which causes UBSAN to complain.

This patch uses the same approach as in bcachefs's sort_iter and splits
the iterator into a btree_iter with a flexible array member and a
btree_iter_stack which embeds a btree_iter as well as a fixed-length
data array.

Weaknesses

CWE-770: Allocation of Resources Without Limits or Throttling

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-07-05 07:15:10
(2 months ago)
Updated Date: 2024-07-08 18:00:28
(2 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.10 version and prior 5.10.221 version	cpe:2.3:o:linux:linux_kernel	>= 5.10	< 5.10.221
Linux Kernel from 5.15 version and prior 5.15.162 version	cpe:2.3:o:linux:linux_kernel	>= 5.15	< 5.15.162
Linux Kernel from 6.1 version and prior 6.1.94 version	cpe:2.3:o:linux:linux_kernel	>= 6.1	< 6.1.94
Linux Kernel from 6.6 version and prior 6.6.34 version	cpe:2.3:o:linux:linux_kernel	>= 6.6	< 6.6.34
Linux Kernel from 6.9 version and prior 6.9.5 version	cpe:2.3:o:linux:linux_kernel	>= 6.9	< 6.9.5