Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed and fixed in a different way by Edward Adam Davis (see links).
References (10)
Core 10
Core References
Scores
CVSS v3
7.1
EPSS
0.0001
EPSS Percentile
1.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (9)
linux/Kernel
3.8.0 - 4.19.309linux
linux/Kernel
4.20.0 - 5.4.271linux
linux/Kernel
5.11.0 - 5.15.151linux
linux/Kernel
5.16.0 - 6.1.81linux
linux/Kernel
5.5.0 - 5.10.212linux
linux/Kernel
6.2.0 - 6.6.21linux
linux/Kernel
6.7.0 - 6.7.9linux
linux/linux_kernel
6.8 rc1 (6 CPE variants)
linux/linux_kernel
< 4.19.309
Published
Apr 04, 2024
Tracked Since
Feb 18, 2026