CVE-2024-41018

fs/ntfs3: Add a check for attr_names and oatbl

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add a check for attr_names and oatbl

Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-29 CVE Published
2024-07-29 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/e0b64e4ad2eb013fd3299e34e7fe5e19f321e140	Vuln. Introduced
https://git.kernel.org/stable/c/865e7a7700d930d34895a70f8af2eb4e778a5b0e	Vuln. Introduced
https://git.kernel.org/stable/c/653687cca0fdbf426c078b46c377c57bee49e837	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f	2024-07-27
https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd	2024-07-27
https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc	2024-07-27
https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845	2024-06-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.19 < 6.6.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.19 < 6.6.43"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.9.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.10.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.10.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.7 Search vendor "Linux" for product "Linux Kernel" and version "6.7.7"		en		Affected