CVE-2024-56598

EPSS 0.04%
Veröffentlicht 27.12.2024 15:15:19
Zuletzt bearbeitet 03.11.2025 21:18:03
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

jfs: array-index-out-of-bounds fix in dtReadFirst

The value of stbl can be sometimes out of bounds due
to a bad filesystem. Added a check with appopriate return
of error code in that case.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.287

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.231

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.174

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.66

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/22dcbf7661c6ffc3247978c254dc40b833a0d429

Patch

https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948

Patch

https://git.kernel.org/stable/c/2eea5fda5556ef03defebf07b0a12fcd2c5210f4

Patch

https://git.kernel.org/stable/c/823d573f5450ca6be80b36f54d1902ac7cd23fb9

Patch

https://git.kernel.org/stable/c/8c97a4d5463a1c972ef576ac499ea9b05f956097

Patch

https://git.kernel.org/stable/c/ca84a2c9be482836b86d780244f0357e5a778c46

Patch