Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2024-26981

Disclosure Date: May 01, 2024 •

CVE-2024-26981 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix OOB in nilfs_set_de_type

The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
defined as “S_IFMT >> S_SHIFT”, but the nilfs_set_de_type() function,
which uses this array, specifies the index to read from the array in the
same way as “(mode & S_IFMT) >> S_SHIFT”.

static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
*inode)
{

umode_t mode = inode->i_mode;

de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob

}

However, when the index is determined this way, an out-of-bounds (OOB)
error occurs by referring to an index that is 1 larger than the array size
when the condition “mode & S_IFMT == S_IFMT” is satisfied. Therefore, a
patch to resize the nilfs_type_by_mode array should be applied to prevent
OOB errors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2024-26981 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26981)

Miscellaneous

https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0

https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611

https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9

https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f

https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/

https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243

https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8

https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Rapid7

Technical Analysis