Konstantin Komarov

Researcher fromParagon Software
#9699of 53,635
28.5Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2024-8927
10
2024-04-23
Linux · Linux Kernel · CVE-2024-38623
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the allocation of insufficient memory in the GUID structure of the fs/ntfs3 module in the Linux kernel. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises from the use of a fixed-size array instead of a variable-length array, which leads to a smatch warning in the `ntfs set label()` function. Specifically, the `uni->name` variable is too small, with a size of 20 compared to the required 256. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-28085
5.5
2024-04-16
Linux · Linux Kernel · CVE-2024-38624
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an integer overflow in the fs/ntfs3 component of the Linux kernel. This overflow can occur in the expression `vbo = 2 * vbo + skip`. The vulnerability may allow an attacker to execute arbitrary code. The `log read rst()` function in `fs/ntfs3/fslog.c` is also mentioned as being related to the vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-28086
7.5
2024-04-16
Linux · Linux Kernel · CVE-2024-38625
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.37 **Description** The issue is related to the Linux kernel, specifically in the fs/ntfs3 module, where the `folio` pointer can be NULL if the `bmap` function is called. This can potentially lead to issues within the kernel. **Recommendations** For Linux kernel versions prior to 6.6.37, update to version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bmap` function in the fs/ntfs3 module until a patch is available.
PT-2023-9600
5.5
2023-12-06
Linux · Linux Kernel · CVE-2023-52641
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the ntfs3 component of the Linux kernel. This could allow an attacker to cause a denial of service. The vulnerability is resolved by adding NULL pointer dereference checking at the end of the `attr allocate frame()` function. It is preferable to exit through the out: label because internal debugging functions are located there. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.