CVE-2024-56595

EPSS 0.04%
Veröffentlicht 27.12.2024 15:15:18
Zuletzt bearbeitet 03.11.2025 21:18:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.287

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.231

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.174

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.66

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/368a533152220b0a6f1142327d96c6b6361f3002

Patch

https://git.kernel.org/stable/c/3b5d21b56c3774bc84eab0a93aaac22a4475e2c4

Patch

https://git.kernel.org/stable/c/491487eeddccc4bb49f2e59d8c8f35bec89c15ca

Patch

https://git.kernel.org/stable/c/8a4311bbde702362fe7412045d06ab6767235dac

Patch

https://git.kernel.org/stable/c/a174706ba4dad895c40b1d2277bade16dfacdcd9

Patch

https://git.kernel.org/stable/c/a3d408870bc19b794646871bc4c3a5daa66f91c5

Patch