5.5
CVE-2024-39482
- EPSS 0.23%
- Veröffentlicht 05.07.2024 07:15:10
- Zuletzt bearbeitet 12.05.2026 12:16:56
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
bcache: fix variable length array abuse in btree_iter
In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.10 < 5.10.221
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.162
Linux ≫ Linux Kernel Version >= 6.1 < 6.1.94
Linux ≫ Linux Kernel Version >= 6.6 < 6.6.34
Linux ≫ Linux Kernel Version >= 6.9 < 6.9.5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671
https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b
https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31
https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023
https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148
https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html