CVE-2024-47670 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

Add a paranoia check to make sure it doesn't stray beyond valid memory
region containing ocfs2 xattr entries when scanning for a match. It will
prevent out-of-bound access in case of crafted images.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Debian DLA	DLA-4075-1	linux security update
Ubuntu USN	USN-7166-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7166-2	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7166-3	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7166-4	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7186-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7186-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7194-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7293-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7295-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7301-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7304-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7311-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7384-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7384-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7385-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7386-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7403-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39
https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c
https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd
https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1
https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77
https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f
https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6
https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-47670
https://www.cve.org/CVERecord?id=CVE-2024-47670

History

Mon, 03 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1 https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2

Wed, 23 Oct 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-787
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 17 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd

Sat, 12 Oct 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-47670 https://www.cve.org/CVERecord?id=CVE-2024-47670
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 10 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images.
Title		ocfs2: add bounds checking to ocfs2_xattr_find_entry()
References		https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39 https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77 https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-09T14:49:11.938Z

Updated: 2025-11-03T22:20:36.160Z

Reserved: 2024-09-30T16:00:12.936Z

Link: CVE-2024-47670

Vulnrichment

Updated: 2025-11-03T22:20:36.160Z

NVD

Status : Modified

Published: 2024-10-09T15:15:15.673

Modified: 2025-11-03T23:16:14.883

Link: CVE-2024-47670

Redhat

Severity : Moderate

Publid Date: 2024-10-09T00:00:00Z

Links: CVE-2024-47670 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object