PT-2024-21472 · Linux+5 · Linux Kernel+5

Ryusuke Konishi

Published

2024-02-07

Updated

2024-11-05

CVE-2024-26697

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the nilfs2 file system in the Linux kernel. Specifically, the helper function nilfs recovery copy block() of nilfs recovery dsync blocks() incorrectly calculates the on-page offset when copying repair data to the file's page cache. This flaw can cause data corruption and leak uninitialized memory bytes during the recovery process, particularly in environments where the block size is smaller than the page size.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-99

Related Identifiers

BDU:2026-01455

CVE-2024-26697

DLA-3840-1

DLA-3842-1

DSA-5658-1

DSA-5681-1

OESA-2024-1617

OESA-2024-1618

OESA-2024-1622

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

OPENSUSE-SU-2024_1490-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

SUSE-SU-2024:1490-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:2135-1

USN-6766-1

USN-6766-2

USN-6766-3

USN-6767-1

USN-6767-2

USN-6795-1

USN-6828-1

USN-6895-1

USN-6895-2

USN-6895-3

USN-6895-4

USN-6900-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-21472 · Linux+5 · Linux Kernel+5

CVE-2024-26697

Weakness Enumeration

Related Identifiers

Affected Products

References · 2046