CVE - CVE-2024-41016

CVE-ID
CVE-2024-41016	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637 URL:https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637 MISC:https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 URL:https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 MISC:https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e URL:https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e MISC:https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e URL:https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e MISC:https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180 URL:https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180 MISC:https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090 URL:https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090 MISC:https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa URL:https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa MISC:https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f URL:https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f
Assigning CNA
kernel.org
Date Record Created
20240712	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240712)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.