5.5

CVE-2024-41034

nilfs2: fix kernel bug on rename operation of broken directory

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug on rename operation of broken directory

Syzbot reported that in rename directory operation on broken directory on
nilfs2, __block_write_begin_int() called to prepare block write may fail
BUG_ON check for access exceeding the folio/page size.

This is because nilfs_dotdot(), which gets parent directory reference
entry ("..") of the directory to be moved or renamed, does not check
consistency enough, and may return location exceeding folio/page size for
broken directories.

Fix this issue by checking required directory entries ("." and "..") in
the first chunk of the directory in nilfs_dotdot().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.30 < 4.19.318
LinuxLinux Kernel Version >= 4.20 < 5.4.280
LinuxLinux Kernel Version >= 5.5 < 5.10.222
LinuxLinux Kernel Version >= 5.11 < 5.15.163
LinuxLinux Kernel Version >= 5.16 < 6.1.100
LinuxLinux Kernel Version >= 6.2 < 6.6.41
LinuxLinux Kernel Version >= 6.7 < 6.9.10
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
LinuxLinux Kernel Version6.10 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.213
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231
Patch
https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e
Patch
https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5
Patch
https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd
Patch
https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d
Patch
https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b
Patch
https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4
Patch
https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html