CVE-2024-41013

Updated: 2024-09-24 04:21:13.792221

Description:

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members. In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 7.1000000000000005

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.1 HIGH Released CLSA-2024:1728936982 2024-10-14 17:31:46
AlmaLinux 9.2 FIPS kernel 5.14.0 7.1 HIGH Released CLSA-2024:1729541873 2024-10-21 17:29:21
CentOS 6 ELS kernel 2.6.32 7.1 HIGH Not Vulnerable 2024-11-29 12:08:40
CentOS 7 ELS kernel 3.10.0 7.1 HIGH Released CLSA-2024:1728935304 2024-10-25 01:06:38
CentOS 8.4 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1727690947 2024-09-30 10:46:08
CentOS 8.5 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1727690025 2024-09-30 10:46:09
CentOS Stream 8 ELS kernel 4.18.0 7.1 HIGH In Testing 2024-10-06 17:26:41
CloudLinux 6 ELS kernel 2.6.32 7.1 HIGH Ignored 2024-10-09 03:43:13
CloudLinux 7 ELS kernel 3.10.0 7.1 HIGH Ignored 2025-01-10 22:43:34
Oracle Linux 6 ELS kernel 2.6.32 7.1 HIGH Not Vulnerable 2025-02-24 06:46:18