PT-2024-28507 · Linux+4 · Linux Kernel+4

Syzbot

Published

2024-04-25

Updated

2025-01-14

CVE-2024-39467

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description A vulnerability in the Linux kernel has been resolved, which was caused by a missing sanity check on i xattr nid during f2fs iget(). This led to current nat addr() accessing nat bitmap with an offset from an invalid i xattr nid, resulting in a slab-out-of-bounds bug report. The issue was identified by syzbot and has been fixed.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the f2fs xattr fiemap function until a patch is available. Restrict access to the f2fs module to minimize the risk of exploitation. Avoid using the ioctl fiemap API endpoint until the issue is resolved.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-03452

CVE-2024-39467

DSA-5730-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1836

OESA-2024-1838

OESA-2024-1839

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6953-1

USN-6979-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-28507 · Linux+4 · Linux Kernel+4

CVE-2024-39467

Weakness Enumeration

Related Identifiers

Affected Products

References · 717