{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-39472", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.745Z", "datePublished": "2024-07-05T06:42:03.495Z", "dateUpdated": "2025-11-03T21:56:05.270Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:16:32.069Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/xfs_log_recover.c"], "versions": [{"version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "f754591b17d0ee91c2b45fe9509d0cdc420527cb", "status": "affected", "versionType": "git"}, {"version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "57835c0e7152e36b03875dd6c56dfeed685c1b1f", "status": "affected", "versionType": "git"}, {"version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "c2389c074973aa94e34992e7f66dac0de37595b5", "status": "affected", "versionType": "git"}, {"version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "45cf976008ddef4a9c9a30310c9b4fb2a9a6602a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/xfs_log_recover.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.105", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.46", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.105"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb"}, {"url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f"}, {"url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5"}, {"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"}], "title": "xfs: fix log recovery buffer allocation for the legacy h_size fixup", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:56:05.270Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39472", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:45.783551Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:41.426Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.909Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39472", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:45.783551Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.222Z"}}], "cna": {"title": "xfs: fix log recovery buffer allocation for the legacy h_size fixup", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "f754591b17d0ee91c2b45fe9509d0cdc420527cb", "versionType": "git"}, {"status": "affected", "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "57835c0e7152e36b03875dd6c56dfeed685c1b1f", "versionType": "git"}, {"status": "affected", "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "c2389c074973aa94e34992e7f66dac0de37595b5", "versionType": "git"}, {"status": "affected", "version": "0c771b99d6c9a0552fea5cc43669b726dad8f659", "lessThan": "45cf976008ddef4a9c9a30310c9b4fb2a9a6602a", "versionType": "git"}], "programFiles": ["fs/xfs/xfs_log_recover.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.105", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.46", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/xfs/xfs_log_recover.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb"}, {"url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f"}, {"url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5"}, {"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:06:49.651Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39472", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:06:49.651Z", "dateReserved": "2024-06-25T14:23:23.745Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-05T06:42:03.495Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE25FF84-C614-42A2-B1D1-02DDB269B4FC", "versionEndIncluding": "6.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: corrige la asignaci\u00f3n del b\u00fafer de recuperaci\u00f3n de registros para la correcci\u00f3n heredada de h_size. El commit a70f9fe52daa (\"xfs: detecta y maneja el tama\u00f1o de iclog no v\u00e1lido establecido por mkfs\") agreg\u00f3 una correcci\u00f3n para los valores incorrectos de h_size usados para el registro desmontaje inicial en versiones antiguas de xfsprogs. Posteriormente, el commit 0c771b99d6c9 (\"xfs: c\u00e1lculo de limpieza de bloques de encabezado LR\") limpi\u00f3 el c\u00e1lculo del b\u00fafer de recuperaci\u00f3n de registros, pero dej\u00f3 de usar el valor h_size fijo para dimensionar el b\u00fafer de recuperaci\u00f3n de registros, lo que puede provocar un acceso fuera de los l\u00edmites cuando el h_size incorrecto no proviene de la antigua herramienta mkfs, sino de un fuzzer. Solucione este problema abriendo la codificaci\u00f3n xlog_logrec_hblks y teniendo en cuenta el h_size fijo para este c\u00e1lculo."}], "id": "CVE-2024-39472", "lastModified": "2025-11-03T22:17:03.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-05T07:15:10.020", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:8617", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.42.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8617", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.42.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8157", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.88.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8158", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}], "bugzilla": {"description": "kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup", "id": "2296067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296067"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.", "A security vulnerability has been discovered in the Linux kernel's XFS file system implementation, specifically within the xlog_logrec_hblks function. This flaw arises from an inadequate log recovery buffer allocation during the processing of legacy header size adjustments. The vulnerability can be triggered by maliciously crafted inputs, leading to an out-of-bounds memory access. Successful exploitation of this condition could result in data corruption within the XFS file system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-39472", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39472\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39472\nhttps://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting this specific CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability, justifying a severity downgrade from Moderate to Low.\nSecure baseline configurations provide a strong foundation for maintaining a secure and resilient environment. Rigorous testing and development practices, such as SAST and DAST, identify and address memory vulnerabilities before they are promoted to Red Hat production platforms, and the malicious code protection used further mitigates impacts by detecting, blocking, and responding to exploitation attempts. The platform uses OS versions that inherit certain security tools and features from RHEL that are enabled by default, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation minimizes the attack surface by disabling unauthorized services and ports and containing any corruption within the originating process, preventing it from affecting other processes or the system as a whole.", "threat_severity": "Moderate"}

{}