| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072910-CVE-2024-41015-e5c0@gregkh> Date: Mon, 29 Jul 2024 08:37:11 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() Description =========== In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. The Linux kernel CVE team has assigned CVE-2024-41015 to this issue. Affected and fixed versions =========================== Fixed in 4.19.319 with commit 13d38c00df97 Fixed in 5.4.281 with commit 564d23cc5b21 Fixed in 5.10.223 with commit 77495e5da5cb Fixed in 5.15.164 with commit 53de17ad01cb Fixed in 6.1.102 with commit fd65685594ee Fixed in 6.6.43 with commit e05a24289db9 Fixed in 6.9.12 with commit 624b380074f0 Fixed in 6.10.2 with commit edb2e67dd462 Fixed in 6.11-rc1 with commit 255547c6bb89 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-41015 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ocfs2/dir.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2 https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0 https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176 https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7 https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114 https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59 https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb
Powered by blists - more mailing lists