7.1

CVE-2024-50247

fs/ntfs3: Check if more than chunk-size bytes are written

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Check if more than chunk-size bytes are written

A incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_SIZE bytes and a index out of bounds
will occur in s_max_off.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.15.171
LinuxLinux Kernel Version >= 5.16 < 6.1.116
LinuxLinux Kernel Version >= 6.2 < 6.6.60
LinuxLinux Kernel Version >= 6.7 < 6.11.7
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.122
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/1b6bc5f7212181093b6c5310eea216fc09c721a9
Patch
https://git.kernel.org/stable/c/4a4727bc582832f354e0d3d49838a401a28ae25e
Patch
https://git.kernel.org/stable/c/5f21e3e60982cd7353998b4f59f052134fd47d64
Patch
https://git.kernel.org/stable/c/9931122d04c6d431b2c11b5bb7b10f28584067f0
Patch
https://git.kernel.org/stable/c/e5ae7859008688626b4d2fa6139eeaa08e255053
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html