PT-2024-7579 · Linux+7 · Linux Kernel+7
Lei Lu
·
Published
2024-06-24
·
Updated
2025-05-28
·
CVE-2024-47670
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.58
Description
The issue is related to the ocfs2 xattr find entry() function in the Linux kernel's ocfs2 file system module, which is vulnerable to out-of-bounds memory access. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited by crafted images, and a paranoia check has been added to prevent out-of-bound access.
Recommendations
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the ocfs2 file system module until a patch is available.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu