CVE-2024-42143 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024073031-CVE-2024-42143-5cec@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42143
https://www.cve.org/CVERecord?id=CVE-2024-42143

History

Thu, 22 Aug 2024 00:30:00 +0000

Type	Values Removed	Values Added
References	https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715 https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517 https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167 https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047 https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450 https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924 https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5

Thu, 22 Aug 2024 00:15:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: orangefs: fix out-of-bounds fsid access Arnd Bergmann sent a patch to fsdevel, he says: "orangefs_statfs() copies two consecutive fields of the superblock into the statfs structure, which triggers a warning from the string fortification helpers" Jan Kara suggested an alternate way to do the patch to make it more readable. I ran both ideas through xfstests and both seem fine. This patch is based on Jan Kara's suggestion.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	orangefs: fix out-of-bounds fsid access	kernel: orangefs: fix out-of-bounds fsid access

Sat, 17 Aug 2024 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H'}`

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-07-30T07:46:36.904Z

Updated: 2024-08-22T00:01:12.570Z

Reserved: 2024-07-29T15:50:41.190Z

Link: CVE-2024-42143

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2024-07-30T08:15:06.073

Modified: 2024-08-22T00:15:06.020

Link: CVE-2024-42143

Redhat

Severity : Moderate

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42143 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object