CVE-2024-41014

{"id": "CVE-2024-41014", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-07-29T07:15:05.810", "references": [{"url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: agregar verificaci\u00f3n de l\u00edmites a xlog_recover_process_data Falta verificaci\u00f3n del espacio ocupado por los miembros fijos de xlog_op_header en xlog_recover_process_data. Podemos crear una imagen manipulada para activar una lectura fuera de los l\u00edmites siguiendo estos pasos: 1) Montar una imagen de xfs y realizar algunas operaciones de archivo para dejar registros 2) Antes de desmontar, copie la imagen para los pasos posteriores para simular una salida anormal. Porque umount garantizar\u00e1 que tail_blk y head_blk sean iguales, lo que resultar\u00e1 en la imposibilidad de ingresar xlog_recover_process_data 3) Escriba una herramienta para analizar y modificar la imagen copiada en el paso 2 4) Haga que el final de las entradas xlog_op_header est\u00e9 a solo 1 byte de distancia xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modificar xlog_rec_header->h_crc Soluci\u00f3n: agregue una marca para asegurarse de que haya suficiente espacio para acceder a los miembros fijos de xlog_op_header."}], "lastModified": "2025-11-03T21:16:16.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B0FAB02-E16A-4263-9895-889F5A3200D5", "versionEndExcluding": "6.1.120"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0AFF4B3-FB61-4841-BE39-C5786A46BBA0", "versionEndExcluding": "6.11", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}