CVE-2024-41086

Summary

In the Linux kernel, the following vulnerability has been resolved:

bcachefs: Fix sb_field_downgrade validation

  • bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section

  • for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84f1638795da1ff2084597de4251e9054f1ad728 < bf920ed92ef24dcd6970c88881cd4700b3acf05baffected
LinuxLinux84f1638795da1ff2084597de4251e9054f1ad728 < 692aa7a54b2b28d59f24b3bf8250837805484b99affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References