CVE-2024-26697

MEDIUM

Linux Kernel < 4.19.307, 4.20.0-6.7.6 - Out-of-bounds Write in nilfs2 Recovery Block Copy

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file's page cache. In environments where the block size is smaller than the page size, this flaw can cause data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by correcting this byte offset calculation on the page.

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 0.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (28)
debian/debian_linux 10.0
linux/Kernel 2.6.30 - 4.19.307linux
linux/Kernel 4.20.0 - 5.4.269linux
linux/Kernel 5.11.0 - 5.15.149linux
linux/Kernel 5.16.0 - 6.1.79linux
linux/Kernel 5.5.0 - 5.10.210linux
linux/Kernel 6.2.0 - 6.6.18linux
linux/Kernel 6.7.0 - 6.7.6linux
Linux/Linux < 2.6.30
Linux/Linux 0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b - 120f7fa2008e3bd8b7680b4ab5df942decf60fd5
... and 18 more
Published Apr 03, 2024
Tracked Since Feb 18, 2026