CVE-2024-43826

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43826

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43826.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-43826

Downstream

BELL-CVE-2024-43826

DEBIAN-CVE-2024-43826

OESA-2024-2124

RHSA-2024:9315

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-43826

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Related

Published

2024-08-17T10:15:08Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

nfs: pass explicit offset/count to trace events

nfsfoliolength is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled.

Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges.

References

Affected packages