Количество 10
Количество 10
CVE-2024-26972
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-26972
A flaw was found in the ubifs module in the Linux kernel. A memory leak can occur when handling an error in the ubifs_symlink function in the fs/ubifs/dir.c file, potentially impacting system performance and possibly resulting in a denial of service.
CVE-2024-26972
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-vwrr-j6j5-7xgm
In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path For error handling path in ubifs_symlink(), inode will be marked as bad first, then iput() is invoked. If inode->i_link is initialized by fscrypt_encrypt_symlink() in encryption scenario, inode->i_link won't be freed by callchain ubifs_free_inode -> fscrypt_free_inode in error handling path, because make_bad_inode() has changed 'inode->i_mode' as 'S_IFREG'. Following kmemleak is easy to be reproduced by injecting error in ubifs_jnl_update() when doing symlink in encryption scenario: unreferenced object 0xffff888103da3d98 (size 8): comm "ln", pid 1692, jiffies 4294914701 (age 12.045s) backtrace: kmemdup+0x32/0x70 __fscrypt_encrypt_symlink+0xed/0x1c0 ubifs_symlink+0x210/0x300 [ubifs] vfs_symlink+0x216/0x360 do_symlinkat+0x11a/0x190 do_syscall_64+0x3b/0xe0 There are two ways fixing it: 1. Remove make_bad_inode() in error handling...
SUSE-SU-2024:1644-1
Security update for the Linux Kernel
SUSE-SU-2024:1659-1
Security update for the Linux Kernel
SUSE-SU-2024:1663-1
Security update for the Linux Kernel
SUSE-SU-2024:2203-1
Security update for the Linux Kernel
SUSE-SU-2024:2135-1
Security update for the Linux Kernel
SUSE-SU-2024:2973-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-26972 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | почти 2 года назад | ||
 | CVE-2024-26972 A flaw was found in the ubifs module in the Linux kernel. A memory leak can occur when handling an error in the ubifs_symlink function in the fs/ubifs/dir.c file, potentially impacting system performance and possibly resulting in a denial of service. | CVSS3: 5.5 | почти 2 года назад | |
 | CVE-2024-26972 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | почти 2 года назад | ||
| GHSA-vwrr-j6j5-7xgm In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path For error handling path in ubifs_symlink(), inode will be marked as bad first, then iput() is invoked. If inode->i_link is initialized by fscrypt_encrypt_symlink() in encryption scenario, inode->i_link won't be freed by callchain ubifs_free_inode -> fscrypt_free_inode in error handling path, because make_bad_inode() has changed 'inode->i_mode' as 'S_IFREG'. Following kmemleak is easy to be reproduced by injecting error in ubifs_jnl_update() when doing symlink in encryption scenario: unreferenced object 0xffff888103da3d98 (size 8): comm "ln", pid 1692, jiffies 4294914701 (age 12.045s) backtrace: kmemdup+0x32/0x70 __fscrypt_encrypt_symlink+0xed/0x1c0 ubifs_symlink+0x210/0x300 [ubifs] vfs_symlink+0x216/0x360 do_symlinkat+0x11a/0x190 do_syscall_64+0x3b/0xe0 There are two ways fixing it: 1. Remove make_bad_inode() in error handling... | почти 2 года назад | ||
 | SUSE-SU-2024:1644-1 Security update for the Linux Kernel | больше 1 года назад | ||
| SUSE-SU-2024:1659-1 Security update for the Linux Kernel | больше 1 года назад | ||
| SUSE-SU-2024:1663-1 Security update for the Linux Kernel | больше 1 года назад | ||
| SUSE-SU-2024:2203-1 Security update for the Linux Kernel | больше 1 года назад | ||
| SUSE-SU-2024:2135-1 Security update for the Linux Kernel | больше 1 года назад | ||
| SUSE-SU-2024:2973-1 Security update for the Linux Kernel | больше 1 года назад |
Уязвимостей на страницу