CVE-2024-41013

HIGH

Linux Kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members. In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.

References (4)

Core 4

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a

Patch

https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d

Patch

https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

linux/linux_kernel < 6.1.142

Published Jul 29, 2024

Tracked Since Feb 18, 2026