CVE-2024-26981
- Source
- https://cve.org/CVERecord?id=CVE-2024-26981
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26981.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26981
- Downstream
- Related
- Published
- 2024-05-01T05:27:06.469Z
- Modified
- 2026-03-13T07:52:01.201072Z
- Summary
- nilfs2: fix OOB in nilfs_set_de_type
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix OOB in nilfssetde_type
The size of the nilfstypebymode array in the fs/nilfs2/dir.c file is defined as "SIFMT >> SSHIFT", but the nilfssetdetype() function, which uses this array, specifies the index to read from the array in the same way as "(mode & SIFMT) >> SSHIFT".
static void nilfssetdetype(struct nilfsdirentry *de, struct inode *inode) { umodet mode = inode->i_mode;
de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob}
However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & SIFMT == SIFMT" is satisfied. Therefore, a patch to resize the nilfstypeby_mode array should be applied to prevent OOB errors.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26981.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243
- https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9
- https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1
- https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611
- https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f
- https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8
- https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0
- https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26981.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
- https://nvd.nist.gov/vuln/detail/CVE-2024-26981
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2ba466d74ed74f073257f86e61519cb8f8f46184Fixed054f29e9ca05be3906544c5f2a2c7321c30a4243Fixed90f43980ea6be4ad903e389be9a27a2a0018f1c8Fixed7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1Fixedbdbe483da21f852c93b22557b146bc4d989260f0Fixed897ac5306bbeb83e90c437326f7044c79a17c611Fixed2382eae66b196c31893984a538908c3eb7506ff9Fixed90823f8d9ecca3d5fa6b102c8e464c62f416975fFixedc4a7dc9523b59b3e73fd522c73e95e072f876b16