vulnerability
Amazon Linux AMI 2: CVE-2024-47757: Security patch for kernel, kernel-livepatch-4.14.355-275.572, kernel-livepatch-4.14.355-275.582, kernel-livepatch-4.14.355-275.591, kernel-livepatch-4.14.355-275.603, kernel-livepatch-4.14.355-276.618 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:S/C:C/I:N/A:C) | Oct 21, 2024 | Jan 22, 2025 | Apr 30, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
The function nilfs_btree_check_delete(), which checks whether degeneration
to direct mapping occurs before deleting a b-tree entry, causes memory
access outside the block buffer when retrieving the maximum key if the
root node has no entries.
This does not usually happen because b-tree mappings with 0 child nodes
are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen
if the b-tree root node read from a device is configured that way, so fix
this potential issue by adding a check for that case.
Solution(s)
References
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.