Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-42143

HistoryJul 30, 2024 - 8:15 a.m.

CVE-2024-42143

2024-07-3008:15:06

Debian Security Bug Tracker

security-tracker.debian.org

orangefs

fix

out-of-bounds

fsid

access

cve-2024-42143

unix

AI Score

7.1

Confidence

High

EPSS

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix out-of-bounds fsid access Arnd Bergmann sent a patch to fsdevel, he says: “orangefs_statfs() copies two consecutive fields of the superblock into the statfs structure, which triggers a warning from the string fortification helpers” Jan Kara suggested an alternate way to do the patch to make it more readable. I ran both ideas through xfstests and both seem fine. This patch is based on Jan Kara’s suggestion.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.1.98-1linux_6.1.98-1_all.deb
Debian11alllinux< 5.10.223-1linux_5.10.223-1_all.deb
Debian999alllinux< 6.9.9-1linux_6.9.9-1_all.deb
Debian13alllinux< 6.9.9-1linux_6.9.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.1.98-1	linux_6.1.98-1_all.deb
Debian	11	all	linux	< 5.10.223-1	linux_5.10.223-1_all.deb
Debian	999	all	linux	< 6.9.9-1	linux_6.9.9-1_all.deb
Debian	13	all	linux	< 6.9.9-1	linux_6.9.9-1_all.deb