In the Linux kernel, the following vulnerability has been resolved:
xfs: fix log recovery buffer allocation for the legacy h_size fixup
Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
mkfs") added a fixup for incorrect h_size values used for the initial
umount record in old xfsprogs versions. Later commit 0c771b99d6c9
("xfs: clean up calculation of LR header blocks") cleaned up the log
reover buffer calculation, but stoped using the fixed up h_size value
to size the log recovery buffer, which can lead to an out of bounds
access when the incorrect h_size does not come from the old mkfs
tool, but a fuzzer.
Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
into account for this calculation.
References
Configurations
History
19 Aug 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jul 2024, 17:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
First Time |
Linux
Linux linux Kernel |
|
References | () https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a - Mailing List, Patch |
05 Jul 2024, 12:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Jul 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-05 07:15
Updated : 2024-08-19 05:15
NVD link : CVE-2024-39472
Mitre link : CVE-2024-39472
CVE.ORG link : CVE-2024-39472
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-770
Allocation of Resources Without Limits or Throttling