CVE-2024-41016

MEDIUM EPSS 14.9%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <4.19.323
linuxlinux_kernel*≥4.20  –  <5.4.285
linuxlinux_kernel*≥5.5  –  <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.112
linuxlinux_kernel*≥6.2  –  <6.6.53
linuxlinux_kernel*≥6.7  –  <6.10.12

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f
    Patch