CVE-2024-47757

nilfs2: fix potential oob read in nilfs_btree_check_delete()

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration
to direct mapping occurs before deleting a b-tree entry, causes memory
access outside the block buffer when retrieving the maximum key if the
root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes
are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen
if the b-tree root node read from a device is configured that way, so fix
this potential issue by adding a check for that case.

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-30 CVE Reserved
2024-10-21 CVE Published
2024-12-19 CVE Updated
2025-03-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/17c76b0104e4a6513983777e1a17e0297a12b0c4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129	2024-11-08
https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8	2024-11-08
https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58	2024-10-17
https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27	2024-10-17
https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0	2024-10-17
https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2	2024-10-04
https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd	2024-10-04
https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf	2024-10-04
https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8	2024-09-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.6.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.6.54"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.10.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.11.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.11.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.12"		en		Affected