3.3

CVE-2024-35935

btrfs: send: handle path ref underflow in header iterate_inode_ref()

In the Linux kernel, the following vulnerability has been resolved:

btrfs: send: handle path ref underflow in header iterate_inode_ref()

Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.312
LinuxLinux Kernel Version >= 4.20 < 5.4.274
LinuxLinux Kernel Version >= 5.5 < 5.10.215
LinuxLinux Kernel Version >= 5.11 < 5.15.155
LinuxLinux Kernel Version >= 5.16 < 6.1.86
LinuxLinux Kernel Version >= 6.2 < 6.6.27
LinuxLinux Kernel Version >= 6.7 < 6.8.6
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.127
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229
Patch
https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5
Patch
https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a
Patch
https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501
Patch
https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9
Patch
https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c
Patch
https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3
Patch
https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html