5.5

CVE-2024-50218

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

Syzbot reported a kernel BUG in ocfs2_truncate_inline.  There are two
reasons for this: first, the parameter value passed is greater than
ocfs2_max_inline_data_with_xattr, second, the start and end parameters of
ocfs2_truncate_inline are "unsigned int".

So, we need to add a sanity check for byte_start and byte_len right before
ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater
than ocfs2_max_inline_data_with_xattr return -EINVAL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.24 < 4.19.323
LinuxLinux Kernel Version >= 4.20 < 5.4.285
LinuxLinux Kernel Version >= 5.5 < 5.10.229
LinuxLinux Kernel Version >= 5.11 < 5.15.171
LinuxLinux Kernel Version >= 5.16 < 6.1.116
LinuxLinux Kernel Version >= 6.2 < 6.6.60
LinuxLinux Kernel Version >= 6.7 < 6.11.7
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.187
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f
Patch
https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035
Patch
https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc
Patch
https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486
Patch
https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473
Patch
https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f
Patch
https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0
Patch
https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html