cve-2024-41014
Vulnerability from cvelistv5
Published
2024-07-29 06:37
Modified
2024-12-19 09:10
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:24:49.673152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:05.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d1e3efe783365db59da88f08a2e0bfe1cc95b143",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fb63435b7c7dc112b1ae1baea5486e0a6e27b196",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/xfs_log_recover.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header-\u003eh_size\n    5) xlog_rec_header-\u003eh_num_logops++\n    6) Modify xlog_rec_header-\u003eh_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:04.997Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
        }
      ],
      "title": "xfs: add bounds checking to xlog_recover_process_data",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41014",
    "datePublished": "2024-07-29T06:37:00.826Z",
    "dateReserved": "2024-07-12T12:17:45.611Z",
    "dateUpdated": "2024-12-19T09:10:04.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41014\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-29T07:15:05.810\",\"lastModified\":\"2024-12-14T21:15:20.327\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfs: add bounds checking to xlog_recover_process_data\\n\\nThere is a lack of verification of the space occupied by fixed members\\nof xlog_op_header in the xlog_recover_process_data.\\n\\nWe can create a crafted image to trigger an out of bounds read by\\nfollowing these steps:\\n    1) Mount an image of xfs, and do some file operations to leave records\\n    2) Before umounting, copy the image for subsequent steps to simulate\\n       abnormal exit. Because umount will ensure that tail_blk and\\n       head_blk are the same, which will result in the inability to enter\\n       xlog_recover_process_data\\n    3) Write a tool to parse and modify the copied image in step 2\\n    4) Make the end of the xlog_op_header entries only 1 byte away from\\n       xlog_rec_header-\u003eh_size\\n    5) xlog_rec_header-\u003eh_num_logops++\\n    6) Modify xlog_rec_header-\u003eh_crc\\n\\nFix:\\nAdd a check to make sure there is sufficient space to access fixed members\\nof xlog_op_header.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: agregar verificaci\u00f3n de l\u00edmites a xlog_recover_process_data Falta verificaci\u00f3n del espacio ocupado por los miembros fijos de xlog_op_header en xlog_recover_process_data. Podemos crear una imagen manipulada para activar una lectura fuera de los l\u00edmites siguiendo estos pasos: 1) Montar una imagen de xfs y realizar algunas operaciones de archivo para dejar registros 2) Antes de desmontar, copie la imagen para los pasos posteriores para simular una salida anormal. Porque umount garantizar\u00e1 que tail_blk y head_blk sean iguales, lo que resultar\u00e1 en la imposibilidad de ingresar xlog_recover_process_data 3) Escriba una herramienta para analizar y modificar la imagen copiada en el paso 2 4) Haga que el final de las entradas xlog_op_header est\u00e9 a solo 1 byte de distancia xlog_rec_header-\u0026gt;h_size 5) xlog_rec_header-\u0026gt;h_num_logops++ 6) Modificar xlog_rec_header-\u0026gt;h_crc Soluci\u00f3n: agregue una marca para asegurarse de que haya suficiente espacio para acceder a los miembros fijos de xlog_op_header.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.