7.1

CVE-2024-26982

EPSS 0.03%
Published 01.05.2024 06:15:15
Last modified 04.11.2025 18:15:58
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check the inode number is not the invalid value of zero

Syskiller has produced an out of bounds access in fill_meta_index().

That out of bounds access is ultimately caused because the inode
has an inode number with the invalid value of zero, which was not checked.

The reason this causes the out of bounds access is due to following
sequence of events:

1. Fill_meta_index() is called to allocate (via empty_meta_index())
   and fill a metadata index.  It however suffers a data read error
   and aborts, invalidating the newly returned empty metadata index.
   It does this by setting the inode number of the index to zero,
   which means unused (zero is not a valid inode number).

2. When fill_meta_index() is subsequently called again on another
   read operation, locate_meta_index() returns the previous index
   because it matches the inode number of 0.  Because this index
   has been returned it is expected to have been filled, and because
   it hasn't been, an out of bounds access is performed.

This patch adds a sanity check which checks that the inode number
is not zero when the inode is created and returns -EINVAL if it is.

[phillip@squashfs.org.uk: whitespace fix]

Affected products Warnungen 0 Metrics 2 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.6.30

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.8

Linux ≫ Linux Kernel Version6.9 Updaterc1

Linux ≫ Linux Kernel Version6.9 Updaterc2

Linux ≫ Linux Kernel Version6.9 Updaterc3

Linux ≫ Linux Kernel Version6.9 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.09

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5

Patch

Mailing List

https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395

Patch

Mailing List

https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e

Patch

Mailing List

https://git.kernel.org/stable/c/5b99dea79650b50909c50aba24fbae00f203f013

https://git.kernel.org/stable/c/32c114a58236fe67141634774559f21f1dc96fd7

https://git.kernel.org/stable/c/4a1b6f89825e267e156ccaeba3d235edcac77f94

https://git.kernel.org/stable/c/cf46f88b92cfc0e32bd8a21ba1273cff13b8745f

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/

https://nvd.nist.gov/vuln/detail/CVE-2024-26982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26982

EUVD