{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40902", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.579Z", "datePublished": "2024-07-12T12:20:43.508Z", "dateUpdated": "2024-08-20T14:03:35.925Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:07.893Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/xattr.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "f0dedb5c511e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1e84c9b18381", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "fc745f6e83cb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "480e5bc21f2c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "33aecc5799c9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4598233d9748", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b537cb2f4c4a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7c55b78818cf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/xattr.c"], "versions": [{"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"}, {"url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"}, {"url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"}, {"url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"}, {"url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"}, {"url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"}, {"url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"}, {"url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"}], "title": "jfs: xattr: fix buffer overflow for invalid xattr", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.415Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1da177e4c3f4", "status": "affected", "lessThan": "f0dedb5c511e", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "1e84c9b18381", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "fc745f6e83cb", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "480e5bc21f2c", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "33aecc5799c9", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "4598233d9748", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "b537cb2f4c4a", "versionType": "git"}, {"version": "1da177e4c3f4", "status": "affected", "lessThan": "7c55b78818cf", "versionType": "git"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T04:02:10.264268Z", "id": "CVE-2024-40902", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:03:35.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.415Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-40902", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-16T04:02:10.264268Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "f0dedb5c511e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1e84c9b18381", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "fc745f6e83cb", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "480e5bc21f2c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "33aecc5799c9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4598233d9748", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b537cb2f4c4a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7c55b78818cf", "versionType": "git"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:03:31.208Z"}}], "cna": {"title": "jfs: xattr: fix buffer overflow for invalid xattr", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "f0dedb5c511e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1e84c9b18381", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "fc745f6e83cb", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "480e5bc21f2c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "33aecc5799c9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4598233d9748", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b537cb2f4c4a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7c55b78818cf", "versionType": "git"}], "programFiles": ["fs/jfs/xattr.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.317", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/jfs/xattr.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"}, {"url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"}, {"url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"}, {"url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"}, {"url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"}, {"url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"}, {"url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"}, {"url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:07.893Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40902", "state": "PUBLISHED", "dateUpdated": "2024-08-20T14:03:35.925Z", "dateReserved": "2024-07-12T12:17:45.579Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:20:43.508Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD25C2E5-C116-4160-BA6D-CE9B0D10AE3E", "versionEndExcluding": "4.19.317", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8", "versionEndExcluding": "5.4.279", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: jfs: xattr: corrige el desbordamiento del b\u00fafer para xattr no v\u00e1lido Cuando un tama\u00f1o de xattr no es el esperado, se imprime en el registro del kernel en formato hexadecimal como una forma de depuraci\u00f3n. Pero cuando el tama\u00f1o de xattr es mayor que el tama\u00f1o esperado, imprimirlo puede provocar un acceso desde el final del b\u00fafer. Solucione todo esto restringiendo adecuadamente el tama\u00f1o del volcado hexadecimal de depuraci\u00f3n en el registro del kernel."}], "id": "CVE-2024-40902", "lastModified": "2024-08-20T14:35:26.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-12T13:15:13.583", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: jfs: xattr: fix buffer overflow for invalid xattr", "id": "2297486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297486"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\njfs: xattr: fix buffer overflow for invalid xattr\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."], "name": "CVE-2024-40902", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40902\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40902\nhttps://lore.kernel.org/linux-cve-announce/2024071207-CVE-2024-40902-122a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}