admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-449xx/CVE-2024-44939.json
cad-safe-bot 08c253cb5a Auto-Update: 2024-08-29T18:00:17.979389+00:00
2024-08-29 18:03:15 +00:00

37 lines
3.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-44939",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T12:15:06.007",
"lastModified": "2024-08-29T17:15:08.837",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment \"p->header.flag & BT-LEAF\" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige null ptr deref en dtInsertEntry [syzbot inform\u00f3] falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr -deref en rango [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 No contaminado 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 03 /27 /2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analizar] En dtInsertEntry(), cuando el puntero h tiene el mismo valor que p, despu\u00e9s de escribir el nombre en UniStrncpy_to_le(), Se borrar\u00e1 p->header.flag. Esto har\u00e1 que el juicio previamente verdadero \"p->header.flag & BT-LEAF\" cambie a no despu\u00e9s de escribir la operaci\u00f3n de nombre, esto lleva a ingresar una rama incorrecta y acceder al objeto no inicializado ih al juzgar esta condici\u00f3n por segunda vez. [Soluci\u00f3n] Despu\u00e9s de obtener la p\u00e1gina, verifique primero la lista libre, si lista libre == 0, salga de dtInsert() y devuelva -EINVAL."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink