CVE-2024-41016

Summary

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090affected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < e8f9c4af7af7e9e4cd09c0251c7936593147419faffected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < 57a3d89831fcaa2cdbe024b47c7c36d5a56c3637affected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < c031d286eceb82f72f8623b7f4abd2aa491bfb5eaffected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < cfb926051fab19b10d1e65976211f364aa820180affected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < c726dea9d0c806d64c26fcef483b1fb9474d8c5eaffected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < e4ffea01adf3323c821b6f37e9577d2d400adbaaaffected
LinuxLinuxcf1d6c763fbcb115263114302485ad17e7933d87 < af77c4fc1871847b528d58b7fdafb4aa1f6a9262affected
LinuxLinux2.6.28affected
LinuxLinux0 < 2.6.28unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.112 <= 6.1.*unaffected
LinuxLinux6.6.53 <= 6.6.*unaffected
LinuxLinux6.10.12 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References