CVE-2024-43858

HIGH

Linux Kernel - Array Index Out-of-Bounds in diFree

Title source: llm

STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree

References (11)

Core 11

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/55b732c8b09b41148eaab2fa8e31b0af47671e00

Patch

https://git.kernel.org/stable/c/9b3a4345957f5372041bc4f59de322f62653e862

Patch

https://git.kernel.org/stable/c/538a27c8048f081a5ddd286f886eb986fbbc7f80

Patch

https://git.kernel.org/stable/c/63f7fdf733add82f126ea00e2e48f6eba15ac4b9

Patch

https://git.kernel.org/stable/c/8d8f9a477de0d7962342eedf2a599215b7c63d28

Patch

https://git.kernel.org/stable/c/ff14eadc278663cac69d57d3ca7fb2f394e1f8a7

Patch

https://git.kernel.org/stable/c/6aa6892a90a5a7fabffe5692ab9f06a7a46c6e42

Patch

https://git.kernel.org/stable/c/f73f969b2eb39ad8056f6c7f3a295fa2f85e313a

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 14.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (26)

linux/Kernel 2.6.12 - 4.19.320linux

linux/Kernel 4.20.0 - 5.4.282linux

linux/Kernel 5.11.0 - 5.15.165linux

linux/Kernel 5.16.0 - 6.1.103linux

linux/Kernel 5.5.0 - 5.10.224linux

linux/Kernel 6.2.0 - 6.6.44linux

linux/Kernel 6.7.0 - 6.10.3linux

Linux/Linux < 2.6.12

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 538a27c8048f081a5ddd286f886eb986fbbc7f80

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 55b732c8b09b41148eaab2fa8e31b0af47671e00

... and 16 more

Published Aug 17, 2024

Tracked Since Feb 18, 2026