| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122702-CVE-2024-56598-3955@gregkh> Date: Fri, 27 Dec 2024 15:51:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst Description =========== In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. The Linux kernel CVE team has assigned CVE-2024-56598 to this issue. Affected and fixed versions =========================== Fixed in 5.4.287 with commit 25f1e673ef61d6bf9a6022e27936785896d74948 Fixed in 5.10.231 with commit 8c97a4d5463a1c972ef576ac499ea9b05f956097 Fixed in 5.15.174 with commit 823d573f5450ca6be80b36f54d1902ac7cd23fb9 Fixed in 6.1.120 with commit 2eea5fda5556ef03defebf07b0a12fcd2c5210f4 Fixed in 6.6.66 with commit fd993b2180b4c373af8b99aa28d4dcda5c2a8f10 Fixed in 6.12.5 with commit 22dcbf7661c6ffc3247978c254dc40b833a0d429 Fixed in 6.13-rc1 with commit ca84a2c9be482836b86d780244f0357e5a778c46 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56598 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/jfs/jfs_dtree.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948 https://git.kernel.org/stable/c/8c97a4d5463a1c972ef576ac499ea9b05f956097 https://git.kernel.org/stable/c/823d573f5450ca6be80b36f54d1902ac7cd23fb9 https://git.kernel.org/stable/c/2eea5fda5556ef03defebf07b0a12fcd2c5210f4 https://git.kernel.org/stable/c/fd993b2180b4c373af8b99aa28d4dcda5c2a8f10 https://git.kernel.org/stable/c/22dcbf7661c6ffc3247978c254dc40b833a0d429 https://git.kernel.org/stable/c/ca84a2c9be482836b86d780244f0357e5a778c46
Powered by blists - more mailing lists