7.8

CVE-2024-26981

nilfs2: fix OOB in nilfs_set_de_type

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix OOB in nilfs_set_de_type

The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,
which uses this array, specifies the index to read from the array in the
same way as "(mode & S_IFMT) >> S_SHIFT".

static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
 *inode)
{
	umode_t mode = inode->i_mode;

	de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
}

However, when the index is determined this way, an out-of-bounds (OOB)
error occurs by referring to an index that is 1 larger than the array size
when the condition "mode & S_IFMT == S_IFMT" is satisfied.  Therefore, a
patch to resize the nilfs_type_by_mode array should be applied to prevent
OOB errors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.30 < 4.19.313
LinuxLinux Kernel Version >= 4.20 < 5.4.275
LinuxLinux Kernel Version >= 5.5 < 5.10.216
LinuxLinux Kernel Version >= 5.11 < 5.15.157
LinuxLinux Kernel Version >= 5.16 < 6.1.88
LinuxLinux Kernel Version >= 6.2 < 6.6.29
LinuxLinux Kernel Version >= 6.7 < 6.8.8
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.185
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243
Patch
https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9
Patch
https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1
Patch
https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611
Patch
https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f
Patch
https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8
Patch
https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0
Patch
https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16
Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/