CVE-2024-41019 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff without any check. If the second ff is a large offset. We may encounter an out-of-bound read.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0
https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06
https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4
https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a
https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440
https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319
https://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41019-bf1d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-41019
https://www.cve.org/CVERecord?id=CVE-2024-41019

History

Sun, 15 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T06:37:05.300Z

Updated: 2024-11-05T09:35:06.305Z

Reserved: 2024-07-12T12:17:45.613Z

Link: CVE-2024-41019

Vulnrichment

Updated: 2024-08-02T04:39:56.076Z

NVD

Status : Awaiting Analysis

Published: 2024-07-29T07:15:07.023

Modified: 2024-07-29T14:12:08.783

Link: CVE-2024-41019

Redhat

Severity : Moderate

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-41019 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41019", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.613Z", "datePublished": "2024-07-29T06:37:05.300Z", "dateUpdated": "2024-11-05T09:35:06.305Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:06.305Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate ff offset\n\nThis adds sanity checks for ff offset. There is a check\non rt->first_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/fslog.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "35652dfa8cc9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "818a25742864", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6ae7265a7b81", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "82c94e6a7bd1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "617cf144c206", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "50c47879650b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/fslog.c"], "versions": [{"version": "5.15.164", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.102", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.43", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.12", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.2", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0"}, {"url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440"}, {"url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a"}, {"url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319"}, {"url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4"}, {"url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06"}], "title": "fs/ntfs3: Validate ff offset", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.076Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:32.092884Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:05.373Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.076Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:32.092884Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.575Z"}}], "cna": {"title": "fs/ntfs3: Validate ff offset", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "35652dfa8cc9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "818a25742864", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "6ae7265a7b81", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "82c94e6a7bd1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "617cf144c206", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "50c47879650b", "versionType": "git"}], "programFiles": ["fs/ntfs3/fslog.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.164", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.102", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.43", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.12", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10.2", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ntfs3/fslog.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0"}, {"url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440"}, {"url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a"}, {"url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319"}, {"url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4"}, {"url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate ff offset\n\nThis adds sanity checks for ff offset. There is a check\non rt->first_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:52:10.113Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41019", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:52:10.113Z", "dateReserved": "2024-07-12T12:17:45.613Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T06:37:05.300Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: fs/ntfs3: Validate ff offset", "id": "2300302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300302"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs/ntfs3: Validate ff offset\nThis adds sanity checks for ff offset. There is a check\non rt->first_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read.", "A flaw was found in the `fs/ntfs3` module in the Linux kernel. This issue involved inadequate validation of the `ff` offset, which could lead to out-of-bounds reads if the offset was excessively large. This flaw posed risks of crashes and information leaks, and has been addressed by adding sanity checks to validate the `ff` offset before use, ensuring safer memory access and improving system stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41019", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41019\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41019\nhttps://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-41019-bf1d@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.164, kernel 6.1.102, kernel 6.6.43, kernel 6.9.12, kernel 6.10.2, kernel 6.11-rc1"}