CVE-2024-56596 : In the Linux kernel, the following vulnerability has been resolved: jfs: fix ar

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case.

Published 2024-12-27 14:51:03

Updated 2025-01-16 16:12:14

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-56596

Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.120
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.66
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.174
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.12.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.231
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.4.287
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-56596

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-56596

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-01-16
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-56596

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-56596

https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e

jfs: fix array-index-out-of-bounds in jfs_readdir - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05

jfs: fix array-index-out-of-bounds in jfs_readdir - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c

Patch
https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c

Patch
https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc

Patch
https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4

jfs: fix array-index-out-of-bounds in jfs_readdir - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368

jfs: fix array-index-out-of-bounds in jfs_readdir - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-56596

Products affected by CVE-2024-56596

Exploit prediction scoring system (EPSS) score for CVE-2024-56596

CVSS scores for CVE-2024-56596

CWE ids for CVE-2024-56596

References for CVE-2024-56596