CVE-2024-41018

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add a check for attr_names and oatbl

Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe0b64e4ad2eb013fd3299e34e7fe5e19f321e140 < f3124d51e4e7b56a732419d8dc270e807252334faffected
LinuxLinux865e7a7700d930d34895a70f8af2eb4e778a5b0e < c114d2b88f8b226d4b2acf5a1ba0412cde6c31ddaffected
LinuxLinux865e7a7700d930d34895a70f8af2eb4e778a5b0e < 9b71f820f7168f1eab8378c80c7ea8a022a475bcaffected
LinuxLinux865e7a7700d930d34895a70f8af2eb4e778a5b0e < 702d4930eb06dcfda85a2fa67e8a1a27bfa2a845affected
LinuxLinux653687cca0fdbf426c078b46c377c57bee49e837affected
LinuxLinux6.6.19 < 6.6.43affected
LinuxLinux6.7.7 < 6.8affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.6.43 <= 6.6.*unaffected
LinuxLinux6.9.12 <= 6.9.*unaffected
LinuxLinux6.10.2 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References