jfs:xattr:修复无效 xattr 的缓冲区溢出(CVE-2024-40902)

admin
admin
admin
0
文章
0
评论
2024-07-22 15:35:26 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
jfs:xattr:修复无效 xattr 的缓冲区溢出(CVE-2024-40902)

CVE编号

CVE-2024-40902

利用情况

暂无

补丁情况

N/A

披露时间

2024-07-12
漏洞描述
In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a
https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123
https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69
https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7
https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f
https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f
https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f
https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0
CVSS3评分 N/A
  • 攻击路径 N/A
  • 攻击复杂度 N/A
  • 权限要求 N/A
  • 影响范围 N/A
  • 用户交互 N/A
  • 可用性 N/A
  • 保密性 N/A
  • 完整性 N/A
N/A
CWE-ID 漏洞类型
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0