CVE-2024-42160 : In the Linux kernel, the following vulnerability has been resolved: f2fs: check

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code.

Published 2024-07-30 08:15:07

Updated 2025-05-02 07:15:55

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-42160

Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.39
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 6.1.98
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.9.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-42160

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-42160

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-08-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-42160

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-42160

https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d

f2fs: check validation of fault attrs in f2fs_build_fault_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b

f2fs: check validation of fault attrs in f2fs_build_fault_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77

f2fs: check validation of fault attrs in f2fs_build_fault_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6e5b601706ce05d94338cad598736d96bb8096c8
https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e

f2fs: check validation of fault attrs in f2fs_build_fault_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-42160

Products affected by CVE-2024-42160

Exploit prediction scoring system (EPSS) score for CVE-2024-42160

CVSS scores for CVE-2024-42160

CWE ids for CVE-2024-42160

References for CVE-2024-42160