7.8

CVE-2024-56596

jfs: fix array-index-out-of-bounds in jfs_readdir

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in jfs_readdir

The stbl might contain some invalid values. Added a check to
return error code in that case.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.287
LinuxLinux Kernel Version >= 5.5 < 5.10.231
LinuxLinux Kernel Version >= 5.11 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.66
LinuxLinux Kernel Version >= 6.7 < 6.12.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e
Patch
https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368
Patch
https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c
Patch
https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4
Patch
https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc
Patch
https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c
Patch
https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html