CVE-2024-42143

high

Description

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix out-of-bounds fsid access Arnd Bergmann sent a patch to fsdevel, he says: "orangefs_statfs() copies two consecutive fields of the superblock into the statfs structure, which triggers a warning from the string fortification helpers" Jan Kara suggested an alternate way to do the patch to make it more readable. I ran both ideas through xfstests and both seem fine. This patch is based on Jan Kara's suggestion.

References

https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5

https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924

https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450

https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047

https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167

https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517

https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715

https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed

Details

Source: Mitre, NVD

Published: 2024-07-30

Updated: 2024-07-30

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High