CVE-2024-56619
Description
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
Syzbot reported that when searching for records in a directory where the
inode's i_size is corrupted and has a large value, memory access outside
the folio/page range may occur, or a use-after-free bug may be detected if
KASAN is enabled.
This is because nilfs_last_byte(), which is called by nilfs_find_entry()
and others to calculate the number of valid bytes of directory data in a
page from i_size and the page index, loses the upper 32 bits of the 64-bit
size information due to an inappropriate type of local variable to which
the i_size value is assigned.
This caused a large byte offset value due to underflow in the end address
calculation in the calling nilfs_find_entry(), resulting in memory access
that exceeds the folio/page size.
Fix this issue by changing the type of the local variable causing the bit
loss from 'unsigned int' to 'u64'. The return value of nilfs_last_byte()
is also of type 'unsigned int', but it is truncated so as not to exceed
PAGE_SIZE and no bit loss occurs, so no change is required.
EPSS (Exploit Prediction Scoring System)
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score Trend (Last 90 Days)
Use After Free
StableCommon Consequences
Applicable Platforms
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Linux Kernel by Linux
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*