Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-38623

HistoryJun 21, 2024 - 11:15 a.m.

CVE-2024-38623

2024-06-2111:15:11

CWE-129

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux

kernel

ntfs3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Use variable length array instead of fixed size

Should fix smatch warning:
ntfs_set_label() error: __builtin_memcpy() ‘uni->name’ too small (20 vs 256)

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.15–5.15.161

linuxlinux_kernelRange5.16.0–6.1.93

linuxlinux_kernelRange6.2.0–6.6.33

linuxlinux_kernelRange6.7.0–6.9.4

linuxlinux_kernelRange6.10.0–6.10-rc1

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ntfs3/ntfs.h"
    ],
    "versions": [
      {
        "version": "4534a70b7056",
        "lessThan": "a2de301d90b7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4534a70b7056",
        "lessThan": "3839a9b19a4b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4534a70b7056",
        "lessThan": "1fe1c9dc21ee",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4534a70b7056",
        "lessThan": "cceef44b3481",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4534a70b7056",
        "lessThan": "1997cdc3e727",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/ntfs3/ntfs.h"
    ],
    "versions": [
      {
        "version": "5.15",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.15",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.161",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.93",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.4",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

References

git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef

git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1

git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7

git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f

git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2024-38623