SB2024062470 - Buffer overflow in Linux kernel nilfs2

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2024-26956)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35
• https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e
• https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb
• https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84
• https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7
• https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862
• https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713
• https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4
• https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3