{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41017", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.612Z", "datePublished": "2024-07-29T06:37:03.390Z", "dateUpdated": "2024-11-05T09:35:04.080Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:04.080Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don't walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/xattr.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "7f91bd0f2941", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "fc16776a82e8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6386f1b6a10e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7e21574195a4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4e034f7e563a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "17440dbc66ab", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f4435f476b9b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "dbde7bc91093", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d0fa70aca54c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/xattr.c"], "versions": [{"version": "4.19.319", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.281", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.223", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.164", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.102", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.43", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.12", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.2", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"}, {"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"}, {"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"}, {"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"}, {"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"}, {"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"}, {"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"}, {"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"}, {"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"}], "title": "jfs: don't walk off the end of ealist", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.067Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:38.749773Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:05.610Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.067Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:38.749773Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.596Z"}}], "cna": {"title": "jfs: don't walk off the end of ealist", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "7f91bd0f2941", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "fc16776a82e8", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "6386f1b6a10e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7e21574195a4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4e034f7e563a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "17440dbc66ab", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f4435f476b9b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "dbde7bc91093", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d0fa70aca54c", "versionType": "git"}], "programFiles": ["fs/jfs/xattr.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.319", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.281", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.223", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.164", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.102", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.43", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.12", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10.2", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/jfs/xattr.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"}, {"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"}, {"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"}, {"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"}, {"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"}, {"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"}, {"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"}, {"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"}, {"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don't walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:04.080Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41017", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:35:04.080Z", "dateReserved": "2024-07-12T12:17:45.612Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T06:37:03.390Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don't walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: no salga del final de ealist. Agregue una verificaci\u00f3n antes de visitar a los miembros de ea para asegurarse de que cada ea permanezca dentro de ealist."}], "id": "CVE-2024-41017", "lastModified": "2024-07-29T14:12:08.783", "metrics": {}, "published": "2024-07-29T07:15:06.523", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: jfs: don't walk off the end of ealist", "id": "2300300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300300"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\njfs: don't walk off the end of ealist\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist.", "A vulnerability was found in the Journaled File System (JFS) in the kernel code, which allows for out-of-bounds access when traversing the extended attribute list (ealist)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41017", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41017\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41017\nhttps://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41017-f367@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.319, kernel 5.4.281, kernel 5.10.223, kernel 5.15.164, kernel 6.1.102, kernel 6.6.43, kernel 6.9.12, kernel 6.10.2, kernel 6.11-rc1"}