CVE-2024-47757

HIGH EPSS 14.8%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥2.6.30  –  <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.54
linuxlinux_kernel*≥6.7  –  <6.10.13
linuxlinux_kernel*≥6.11  –  <6.11.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8
  • git.kernel.org https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129
  • git.kernel.org https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8
    Patch