PT-2024-21604 · Linux+10 · Linux Kernel+10

Published

2024-03-20

·

Updated

2025-10-22

·

CVE-2024-26982

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is caused by an out of bounds access in fill meta index() due to an inode having an invalid inode number of zero, which was not checked. This occurs when fill meta index() is called to allocate and fill a metadata index, but it suffers a data read error, aborts, and invalidates the newly returned empty metadata index by setting its inode number to zero. When fill meta index() is called again, locate meta index() returns the previous index because it matches the inode number of 0, leading to an out of bounds access. A patch has been added to check that the inode number is not zero when the inode is created, returning -EINVAL if it is.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-416

Related Identifiers

ALSA-2024:4211
ALSA-2024:4352
ALSA-2024:4928
ALSA-2025_16880
AZL-57731
BDU:2024-03748
BDU:2025-11885
CESA-2024_4211
CESA-2024_4352
CVE-2024-26982
DLA-4178-1
DLA-4193-1
DSA-5900-1
ECHO-035C-9C42-5804
INFSA-2024_4211
INFSA-2024_4352
INFSA-2024_4928
OESA-2024-1677
OESA-2024-1678
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024:4823
RHSA-2024:4831
RHSA-2024:4928
RHSA-2024:5255
RHSA-2024:6297
RHSA-2024_4211
RHSA-2024_4352
RHSA-2024_4928
RLSA-2024:4211
RLSA-2024:4352
RLSA-2024:4928
RXSA-2024:4211
RXSA-2024:4928
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025_02846-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7516-1
USN-7516-2
USN-7516-3
USN-7516-4
USN-7516-5
USN-7516-6
USN-7516-7
USN-7516-8
USN-7516-9
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7539-1
USN-7540-1
USN-7593-1
USN-7602-1
USN-7640-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu