Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-966p-c3x9-6gp2

Опубликовано: 29 июл. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved:

bcachefs: Fix sb_field_downgrade validation

  • bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section

  • for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

In the Linux kernel, the following vulnerability has been resolved:

bcachefs: Fix sb_field_downgrade validation

  • bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section

  • for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

Ссылки

EPSS

Процентиль: 3%
0.00017
Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2024-41086

Связанные уязвимости

ubuntu логотип

CVE-2024-41086

CVSS3: 5.5
ubuntu
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

redhat логотип

CVE-2024-41086

CVSS3: 5.5
redhat
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

nvd логотип

CVE-2024-41086

CVSS3: 5.5
nvd
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section

debian логотип

CVE-2024-41086

CVSS3: 5.5
debian
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: b ...

EPSS

Процентиль: 3%
0.00017
Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2024-41086