CVE-2024-26981

HIGH

Linux kernel - Buffer Overflow

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT". static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors.

References (13)

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 3.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-129
Status published
Products (10)
debian/debian_linux 10.0
linux/Kernel 2.6.30 - 4.19.313linux
linux/Kernel 4.20.0 - 5.4.275linux
linux/Kernel 5.11.0 - 5.15.157linux
linux/Kernel 5.16.0 - 6.1.88linux
linux/Kernel 5.5.0 - 5.10.216linux
linux/Kernel 6.2.0 - 6.6.29linux
linux/Kernel 6.7.0 - 6.8.8linux
linux/linux_kernel 6.9 rc1 (4 CPE variants)
linux/linux_kernel 2.6.30 - 4.19.313
Published May 01, 2024
Tracked Since Feb 18, 2026