SB2024073134 - Out-of-bounds read in Linux kernel orangefs
Published: July 31, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-42143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924
- https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167
- https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715
- https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed
- https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450
- https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047
- https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5
- https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39