Linux · Linux Kernel · CVE-2024-38578
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The vulnerability is related to a buffer size issue in the ecryptfs component of the Linux kernel. Specifically, the 'TAG 66 Packet Format' description is missing the cipher code and checksum fields, resulting in a buffer allocation that is 3 bytes too small. This can cause the `write tag 66 packet()` function to write up to 3 bytes past the end of the buffer, leading to a slab-out-of-bounds bug. The issue is fixed by increasing the size of the allocation to ensure the whole packet fits in the buffer.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider disabling the ecryptfs component or restricting its use to minimize the risk of exploitation.