7.8

CVE-2024-56595

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

In the Linux kernel, the following vulnerability has been resolved:

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.287
LinuxLinux Kernel Version >= 5.5 < 5.10.231
LinuxLinux Kernel Version >= 5.11 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.66
LinuxLinux Kernel Version >= 6.7 < 6.12.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.168
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/368a533152220b0a6f1142327d96c6b6361f3002
Patch
https://git.kernel.org/stable/c/3b5d21b56c3774bc84eab0a93aaac22a4475e2c4
Patch
https://git.kernel.org/stable/c/491487eeddccc4bb49f2e59d8c8f35bec89c15ca
Patch
https://git.kernel.org/stable/c/8a4311bbde702362fe7412045d06ab6767235dac
Patch
https://git.kernel.org/stable/c/a174706ba4dad895c40b1d2277bade16dfacdcd9
Patch
https://git.kernel.org/stable/c/a3d408870bc19b794646871bc4c3a5daa66f91c5
Patch
https://git.kernel.org/stable/c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html