PT-2024-8313 · Linux+6 · Linux Kernel+6
Syzbot
Published: 2024-04-16 · Updated: 2025-09-29 · CVE-2024-26981
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to an out-of-bounds (OOB) error in the `nilfs_set_de_type()` function, which uses the `nilfs_type_by_mode` array. The error occurs when the index is determined in a way that refers to an index 1 larger than the array size, specifically when the condition `mode & S_IFMT == S_IFMT` is satisfied. This can lead to a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include:
- The `nilfs_set_de_type()` function is vulnerable.
- The `nilfs_type_by_mode` array is involved, with the index calculated as `(mode & S_IFMT) >> S_SHIFT`.
- The `mode` variable, specifically the `umode_t mode = inode->i_mode;` line, plays a role in determining the index.
- The condition `mode & S_IFMT == S_IFMT` being satisfied leads to the OOB error.
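The index arithmetic described above, worked through in userspace C as an added example (not kernel code and not part of the original advisory). It assumes the lookup table is declared with `S_IFMT >> S_SHIFT` entries and that `S_SHIFT` is 12; the `FT_*` codes, `OLD_SLOTS`, `NEW_SLOTS` and the helper names are constructed for illustration, and the extra table slot plus bounds check is one possible hardening, not a fix taken from this page.

```c
#include <stdio.h>
#include <stddef.h>

/* Linux values, defined here so the example builds without kernel headers. */
#define S_IFMT   0170000
#define S_IFSOCK 0140000
#define S_IFLNK  0120000
#define S_IFREG  0100000
#define S_IFBLK  0060000
#define S_IFDIR  0040000
#define S_IFCHR  0020000
#define S_IFIFO  0010000
#define S_SHIFT  12                          /* assumed shift value */
typedef unsigned short umode_t;

#define OLD_SLOTS (S_IFMT >> S_SHIFT)        /* 15 entries: indexes 0..14 */
#define NEW_SLOTS ((S_IFMT >> S_SHIFT) + 1)  /* 16 entries: indexes 0..15 */

/* Constructed directory-entry type codes for this example; 0 means unknown. */
enum { FT_UNKNOWN, FT_REG, FT_DIR, FT_CHR, FT_BLK, FT_FIFO, FT_SOCK, FT_LNK };

/* Table with one spare slot so the all-bits-set mode maps to FT_UNKNOWN. */
static const unsigned char type_by_mode[NEW_SLOTS] = {
    [S_IFREG >> S_SHIFT] = FT_REG,   [S_IFDIR >> S_SHIFT] = FT_DIR,
    [S_IFCHR >> S_SHIFT] = FT_CHR,   [S_IFBLK >> S_SHIFT] = FT_BLK,
    [S_IFIFO >> S_SHIFT] = FT_FIFO,  [S_IFSOCK >> S_SHIFT] = FT_SOCK,
    [S_IFLNK >> S_SHIFT] = FT_LNK,
};

/* Index computation as the advisory describes it. */
static size_t de_type_index(umode_t mode) { return (size_t)((mode & S_IFMT) >> S_SHIFT); }

/* 1 if this mode would index past a table of `slots` entries. */
static int index_overruns(umode_t mode, size_t slots) { return de_type_index(mode) >= slots; }

/* Checked lookup: never reads outside type_by_mode. */
static unsigned char de_type_checked(umode_t mode)
{
    size_t idx = de_type_index(mode);
    return idx < NEW_SLOTS ? type_by_mode[idx] : FT_UNKNOWN;
}

int main(void)
{
    umode_t crafted = S_IFMT | 0644; /* constructed: every file-type bit set */
    printf("index=%zu old_overrun=%d new_overrun=%d type=%u\n",
           de_type_index(crafted), index_overruns(crafted, OLD_SLOTS),
           index_overruns(crafted, NEW_SLOTS), de_type_checked(crafted));
    return 0;
}
```

No valid file type sets every `S_IFMT` bit, so the overrunning index is only reachable when `i_mode` holds a value outside the defined types.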
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Improper Validation of Array Index
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu