CVE-2024-56596

EPSS 0.04%
Veröffentlicht 27.12.2024 15:15:18
Zuletzt bearbeitet 03.11.2025 21:18:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in jfs_readdir

The stbl might contain some invalid values. Added a check to
return error code in that case.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.287

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.231

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.174

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.66

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e

Patch

https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368

Patch

https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c

Patch

https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4

Patch

https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc

Patch

https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c

Patch