In the Linux kernel, the following vulnerability has been resolved: nilfs2:
fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in
the fs/nilfs2/dir.c file is defined as “S_IFMT >> S_SHIFT”, but the
nilfs_set_de_type() function, which uses this array, specifies the index to
read from the array in the same way as “(mode & S_IFMT) >> S_SHIFT”. static
void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) {
umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode &
S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way,
an out-of-bounds (OOB) error occurs by referring to an index that is 1
larger than the array size when the condition “mode & S_IFMT == S_IFMT” is
satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should
be applied to prevent OOB errors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-189.209 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-116.126 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1128.138 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1065.71 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1065.71~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1133.140 | UNKNOWN |
git.kernel.org/linus/c4a7dc9523b59b3e73fd522c73e95e072f876b16 (6.9-rc5)
git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9
git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611
git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f
git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0
git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16
launchpad.net/bugs/cve/CVE-2024-26981
nvd.nist.gov/vuln/detail/CVE-2024-26981
security-tracker.debian.org/tracker/CVE-2024-26981
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6896-1
ubuntu.com/security/notices/USN-6896-2
ubuntu.com/security/notices/USN-6896-3
ubuntu.com/security/notices/USN-6896-4
ubuntu.com/security/notices/USN-6896-5
ubuntu.com/security/notices/USN-6898-1
ubuntu.com/security/notices/USN-6898-2
ubuntu.com/security/notices/USN-6898-3
ubuntu.com/security/notices/USN-6898-4
ubuntu.com/security/notices/USN-6917-1
ubuntu.com/security/notices/USN-6918-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26981