{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41034", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.619Z", "datePublished": "2024-07-29T14:31:49.043Z", "dateUpdated": "2024-11-05T09:35:23.584Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:23.584Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/dir.c"], "versions": [{"version": "2ba466d74ed7", "lessThan": "ff9767ba2cb9", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "24c1c8566a9b", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "a9a466a69b85", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "7000b438dda9", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "1a8879c0771a", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "60f61514374e", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "298cd810d7fb", "status": "affected", "versionType": "git"}, {"version": "2ba466d74ed7", "lessThan": "a9e1ddc09ca5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/dir.c"], "versions": [{"version": "2.6.30", "status": "affected"}, {"version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.318", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.280", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"}, {"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"}, {"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"}, {"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"}, {"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"}, {"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"}, {"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"}, {"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"}], "title": "nilfs2: fix kernel bug on rename operation of broken directory", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.078Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41034", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:23:37.441886Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:58.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.078Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41034", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:23:37.441886Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.873Z"}}], "cna": {"title": "nilfs2: fix kernel bug on rename operation of broken directory", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2ba466d74ed7", "lessThan": "ff9767ba2cb9", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "24c1c8566a9b", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "a9a466a69b85", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "7000b438dda9", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "1a8879c0771a", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "60f61514374e", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "298cd810d7fb", "versionType": "git"}, {"status": "affected", "version": "2ba466d74ed7", "lessThan": "a9e1ddc09ca5", "versionType": "git"}], "programFiles": ["fs/nilfs2/dir.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.30"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.30", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.318", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.280", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.222", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/nilfs2/dir.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"}, {"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"}, {"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"}, {"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"}, {"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"}, {"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"}, {"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"}, {"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:31:49.043Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41034", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:32:58.811Z", "dateReserved": "2024-07-12T12:17:45.619Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:49.043Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: corrige el error del kernel en la operaci\u00f3n de cambio de nombre de un directorio roto Syzbot inform\u00f3 que en la operaci\u00f3n de cambio de nombre de directorio en un directorio roto en nilfs2, __block_write_begin_int() llamado para preparar la escritura en bloque puede fallar en la verificaci\u00f3n BUG_ON de acceso exceder el tama\u00f1o del folio/p\u00e1gina. Esto se debe a que nilfs_dotdot(), que obtiene la entrada de referencia del directorio principal (\"..\") del directorio que se va a mover o cambiar de nombre, no verifica la coherencia lo suficiente y puede devolver una ubicaci\u00f3n que exceda el tama\u00f1o de folio/p\u00e1gina para directorios rotos. Solucione este problema verificando las entradas de directorio requeridas (\".\" y \"..\") en el primer fragmento del directorio en nilfs_dotdot()."}], "id": "CVE-2024-41034", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:11.990", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nilfs2: fix kernel bug on rename operation of broken directory", "id": "2300401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300401"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnilfs2: fix kernel bug on rename operation of broken directory\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41034", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41034\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41034\nhttps://lore.kernel.org/linux-cve-announce/2024072922-CVE-2024-41034-7593@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.163, kernel 6.1.100, kernel 6.6.41, kernel 6.9.10, kernel 6.10, kernel 4.19.318, kernel 5.4.280, kernel 5.10.222"}