vulnerability
Oracle Linux: CVE-2024-41016: ELSA-2024-12884: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2024-07-29 | 2024-12-17 | 2025-01-23 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
2024-07-29
Added
2024-12-17
Modified
2025-01-23
Description
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with additional space
requested. It's better to check if the memory is out of bound before
memcmp, although this possibility mainly comes from crafted poisonous
images.
A flaw was found in the ocfs2_xattr_find_entry() function in the Linux kernel's Oracle Cluster File System version 2 (OCFS2). This issue arose due to inadequate bounds checking before a memcmp operation, particularly when handling "non-indexed" extended attributes (xattrs) that might request additional space.
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with additional space
requested. It's better to check if the memory is out of bound before
memcmp, although this possibility mainly comes from crafted poisonous
images.
A flaw was found in the ocfs2_xattr_find_entry() function in the Linux kernel's Oracle Cluster File System version 2 (OCFS2). This issue arose due to inadequate bounds checking before a memcmp operation, particularly when handling "non-indexed" extended attributes (xattrs) that might request additional space.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.