cve/published/2024/CVE-2024-41015.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ocfs2: add bounds checking to ocfs2_check_dir_entry()

 This adds sanity checks for ocfs2_dir_entry to make sure all members of
 ocfs2_dir_entry don't stray beyond valid memory region.

 The Linux kernel CVE team has assigned CVE-2024-41015 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.19.319 with commit 13d38c00df97289e6fba2e54193959293fd910d2
 	Fixed in 5.4.281 with commit 564d23cc5b216211e1694d53f7e45959396874d0
 	Fixed in 5.10.223 with commit 77495e5da5cb110a8fed27b052c77853fe282176
 	Fixed in 5.15.164 with commit 53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7
 	Fixed in 6.1.102 with commit fd65685594ee707cbf3ddf22ebb73697786ac114
 	Fixed in 6.6.43 with commit e05a24289db90f76ff606086aadd62d068a88dcd
 	Fixed in 6.9.12 with commit 624b380074f0dc209fb8706db3295c735079f34c
 	Fixed in 6.10.2 with commit edb2e67dd4626b06fd7eb37252d5067912e78d59
 	Fixed in 6.11 with commit 255547c6bb8940a97eea94ef9d464ea5967763fb

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-41015
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ocfs2/dir.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2
 	https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0
 	https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176
 	https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7
 	https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114
 	https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd
 	https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c
 	https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59
 	https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ocfs2: add bounds checking to ocfs2_check_dir_entry()

	This adds sanity checks for ocfs2_dir_entry to make sure all members of
	ocfs2_dir_entry don't stray beyond valid memory region.

	The Linux kernel CVE team has assigned CVE-2024-41015 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.19.319 with commit 13d38c00df97289e6fba2e54193959293fd910d2
	Fixed in 5.4.281 with commit 564d23cc5b216211e1694d53f7e45959396874d0
	Fixed in 5.10.223 with commit 77495e5da5cb110a8fed27b052c77853fe282176
	Fixed in 5.15.164 with commit 53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7
	Fixed in 6.1.102 with commit fd65685594ee707cbf3ddf22ebb73697786ac114
	Fixed in 6.6.43 with commit e05a24289db90f76ff606086aadd62d068a88dcd
	Fixed in 6.9.12 with commit 624b380074f0dc209fb8706db3295c735079f34c
	Fixed in 6.10.2 with commit edb2e67dd4626b06fd7eb37252d5067912e78d59
	Fixed in 6.11 with commit 255547c6bb8940a97eea94ef9d464ea5967763fb

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-41015
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ocfs2/dir.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2
	https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0
	https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176
	https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7
	https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114
	https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd
	https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c
	https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59
	https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb