CVE-2024-38623 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef
https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1
https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7
https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f
https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1
https://lore.kernel.org/linux-cve-announce/2024062139-CVE-2024-38623-7c77@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38623
https://www.cve.org/CVERecord?id=CVE-2024-38623

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-21T10:18:16.291Z

Updated: 2024-12-19T09:05:51.693Z

Reserved: 2024-06-18T19:36:34.945Z

Link: CVE-2024-38623

Vulnrichment

Updated: 2024-08-02T04:12:25.994Z

NVD

Status : Awaiting Analysis

Published: 2024-06-21T11:15:11.277

Modified: 2024-11-21T09:26:30.777

Link: CVE-2024-38623

Redhat

Severity : Moderate

Publid Date: 2024-06-21T00:00:00Z

Links: CVE-2024-38623 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38623", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.945Z", "datePublished": "2024-06-21T10:18:16.291Z", "dateUpdated": "2024-12-19T09:05:51.693Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:05:51.693Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/ntfs.h"], "versions": [{"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "a2de301d90b782ac5d7a5fe32995caaee9ab3a0f", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "1fe1c9dc21ee52920629d2d9b9bd84358931a8d1", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "cceef44b34819c24bb6ed70dce5b524bd3e368d1", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "1997cdc3e727526aa5d84b32f7cbb3f56459b7ef", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/ntfs.h"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f"}, {"url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7"}, {"url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1"}, {"url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1"}, {"url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef"}], "title": "fs/ntfs3: Use variable length array instead of fixed size", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-129", "lang": "en", "description": "CWE-129 Improper Validation of Array Index"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4534a70b7056", "status": "affected", "lessThan": "a2de301d90b7", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4534a70b7056", "status": "affected", "lessThan": "3839a9b19a4b", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4534a70b7056", "status": "affected", "lessThan": "1fe1c9dc21ee", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4534a70b7056", "status": "affected", "lessThan": "cceef44b3481", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4534a70b7056", "status": "affected", "lessThan": "1997cdc3e727", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.15", "status": "affected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "unaffected", "lessThan": "5.15", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.15.161", "status": "unaffected", "lessThanOrEqual": "5.16", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.1.93", "status": "unaffected", "lessThanOrEqual": "6.2", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.6.33", "status": "unaffected", "lessThanOrEqual": "6.7", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.9.4", "status": "unaffected", "lessThanOrEqual": "6.10", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.10-rc1", "status": "unaffected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T14:54:31.559522Z", "id": "CVE-2024-38623", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:08:32.014Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.994Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.994Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-25T14:54:31.559522Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4534a70b7056", "lessThan": "a2de301d90b7", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4534a70b7056", "lessThan": "3839a9b19a4b", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4534a70b7056", "lessThan": "1fe1c9dc21ee", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4534a70b7056", "lessThan": "cceef44b3481", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4534a70b7056", "lessThan": "1997cdc3e727", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.1.93", "versionType": "custom", "lessThanOrEqual": "6.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.6.33", "versionType": "custom", "lessThanOrEqual": "6.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.9.4", "versionType": "custom", "lessThanOrEqual": "6.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.10-rc1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T14:57:44.348Z"}}], "cna": {"title": "fs/ntfs3: Use variable length array instead of fixed size", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "a2de301d90b782ac5d7a5fe32995caaee9ab3a0f", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "1fe1c9dc21ee52920629d2d9b9bd84358931a8d1", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "cceef44b34819c24bb6ed70dce5b524bd3e368d1", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "1997cdc3e727526aa5d84b32f7cbb3f56459b7ef", "versionType": "git"}], "programFiles": ["fs/ntfs3/ntfs.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ntfs3/ntfs.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f"}, {"url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7"}, {"url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1"}, {"url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1"}, {"url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:05:51.693Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38623", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:05:51.693Z", "dateReserved": "2024-06-18T19:36:34.945Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:16.291Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: fs/ntfs3: use una matriz de longitud variable en lugar de un tama\u00f1o fijo. Deber\u00eda corregirse la advertencia de coincidencia: error ntfs_set_label(): __builtin_memcpy() 'uni->name' demasiado peque\u00f1o (20 vs 256)"}], "id": "CVE-2024-38623", "lastModified": "2024-11-21T09:26:30.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-21T11:15:11.277", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: fs/ntfs3: Use variable length array instead of fixed size", "id": "2293704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293704"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs/ntfs3: Use variable length array instead of fixed size\nShould fix smatch warning:\nntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)", "A vulnerability was found in the Linux kernel's NTFS3 filesystem module. This issue has been resolved by switching from a fixed-size array to a variable-length array. This change mitigates the risk of buffer overflows that could potentially be exploited by attackers."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38623", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38623\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38623\nhttps://lore.kernel.org/linux-cve-announce/2024062139-CVE-2024-38623-7c77@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc1"}