[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-41013":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":81,"related":82,"reserved_at":9,"published_at":92,"modified_at":93,"state":94,"summary":95,"references_raw":104,"kevs":123,"epss":124,"epss_history":127,"metrics":379,"affected":385},"CVE-2024-41013","In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79],{"_key":28},"SUSE-SU-2024:2802-1",{"_key":30},"SUSE-SU-2024:2894-1",{"_key":32},"SUSE-SU-2025:0236-1",{"_key":34},"SUSE-SU-2024:2896-1",{"_key":36},"SUSE-SU-2024:2939-1",{"_key":38},"SUSE-SU-2024:2947-1",{"_key":40},"SUSE-SU-2024:2973-1",{"_key":42},"DLA-4328-1",{"_key":44},"DSA-5973-1",{"_key":46},"SUSE-SU-2025:20008-1",{"_key":48},"SUSE-SU-2025:20028-1",{"_key":50},"DEBIAN-CVE-2024-41013",{"_key":52},"RHSA-2024:7000",{"_key":54},"RHSA-2024:7001",{"_key":56},"RHSA-2024:8617",{"_key":58},"UBUNTU-CVE-2024-41013",{"_key":60},"USN-7513-1",{"_key":62},"USN-7513-2",{"_key":64},"USN-7513-3",{"_key":66},"USN-7513-4",{"_key":68},"USN-7513-5",{"_key":70},"USN-7514-1",{"_key":72},"USN-7515-1",{"_key":74},"USN-7515-2",{"_key":76},"USN-7522-1",{"_key":78},"USN-7523-1",{"_key":80},"USN-7524-1",[],[83,84,85,86,87,88,89,90,91],{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":46},{"_key":48},"2024-07-29T06:36:59.930Z","2026-05-11T20:24:28.567Z","Modified",{"cisa_kev":96,"cisa_ransomware":96,"cisa_vendor":9,"epss_severity":97,"epss_score":98,"severity":99,"severity_score":100,"severity_version":101,"severity_source":102,"severity_vector":103,"severity_status":94},false,"low",0.00015,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",[105,111,115,119],{"url":106,"sources":107,"tags":109},"https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d",[108,102],"cve.org",[110],"Patch",{"url":112,"sources":113,"tags":114},"https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b",[108,102],[110],{"url":116,"sources":117,"tags":118},"https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a",[108,102],[110],{"url":120,"sources":121,"tags":122},"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",[108,102],[],[],{"date":125,"score":98,"percentile":126},"2026-06-03",0.03463,[128,132,135,138,141,143,146,149,152,155,158,161,164,167,170,174,177,180,183,186,189,192,195,198,200,203,206,209,212,215,218,221,224,227,230,233,236,239,241,244,247,250,253,256,259,261,263,266,268,271,274,277,280,282,285,287,290,292,295,298,301,303,306,308,310,313,316,319,322,325,328,331,333,336,339,341,344,347,349,351,354,356,358,361,364,367,369,371,373,376],{"date":129,"score":130,"percentile":131},"2025-11-04",0.00014,0.01765,{"date":133,"score":130,"percentile":134},"2025-11-05",0.0179,{"date":136,"score":130,"percentile":137},"2025-11-06",0.01808,{"date":139,"score":130,"percentile":140},"2025-11-07",0.01815,{"date":142,"score":130,"percentile":140},"2025-11-08",{"date":144,"score":130,"percentile":145},"2025-11-09",0.01816,{"date":147,"score":130,"percentile":148},"2025-11-10",0.018,{"date":150,"score":130,"percentile":151},"2025-11-11",0.0181,{"date":153,"score":130,"percentile":154},"2025-11-12",0.01822,{"date":156,"score":130,"percentile":157},"2025-11-13",0.01838,{"date":159,"score":130,"percentile":160},"2025-11-14",0.01841,{"date":162,"score":130,"percentile":163},"2025-11-15",0.01861,{"date":165,"score":130,"percentile":166},"2025-11-16",0.01864,{"date":168,"score":130,"percentile":169},"2025-11-17",0.01852,{"date":171,"score":172,"percentile":173},"2025-11-18",0.00074,0.18493,{"date":175,"score":172,"percentile":176},"2025-11-19",0.18513,{"date":178,"score":172,"percentile":179},"2025-11-20",0.18495,{"date":181,"score":130,"percentile":182},"2025-11-21",0.01914,{"date":184,"score":130,"percentile":185},"2025-11-22",0.01911,{"date":187,"score":130,"percentile":188},"2025-11-23",0.01906,{"date":190,"score":130,"percentile":191},"2025-11-24",0.01894,{"date":193,"score":130,"percentile":194},"2025-11-25",0.01888,{"date":196,"score":130,"percentile":197},"2025-11-26",0.0185,{"date":199,"score":130,"percentile":197},"2025-11-27",{"date":201,"score":130,"percentile":202},"2025-11-28",0.01847,{"date":204,"score":130,"percentile":205},"2025-11-29",0.0201,{"date":207,"score":130,"percentile":208},"2025-11-30",0.02018,{"date":210,"score":130,"percentile":211},"2025-12-01",0.02059,{"date":213,"score":130,"percentile":214},"2025-12-02",0.02056,{"date":216,"score":130,"percentile":217},"2025-12-03",0.02064,{"date":219,"score":130,"percentile":220},"2025-12-04",0.02025,{"date":222,"score":130,"percentile":223},"2025-12-05",0.02037,{"date":225,"score":130,"percentile":226},"2025-12-06",0.02042,{"date":228,"score":130,"percentile":229},"2025-12-07",0.0204,{"date":231,"score":130,"percentile":232},"2025-12-08",0.02043,{"date":234,"score":130,"percentile":235},"2025-12-09",0.0206,{"date":237,"score":130,"percentile":238},"2025-12-10",0.02091,{"date":240,"score":130,"percentile":238},"2025-12-11",{"date":242,"score":130,"percentile":243},"2025-12-12",0.01965,{"date":245,"score":130,"percentile":246},"2025-12-13",0.01948,{"date":248,"score":130,"percentile":249},"2025-12-14",0.01951,{"date":251,"score":130,"percentile":252},"2025-12-15",0.01942,{"date":254,"score":130,"percentile":255},"2025-12-16",0.01938,{"date":257,"score":130,"percentile":258},"2025-12-17",0.01953,{"date":260,"score":130,"percentile":249},"2025-12-18",{"date":262,"score":130,"percentile":258},"2025-12-19",{"date":264,"score":130,"percentile":265},"2025-12-20",0.01954,{"date":267,"score":130,"percentile":243},"2025-12-21",{"date":269,"score":130,"percentile":270},"2025-12-22",0.01962,{"date":272,"score":130,"percentile":273},"2025-12-23",0.01963,{"date":275,"score":130,"percentile":276},"2025-12-24",0.01971,{"date":278,"score":130,"percentile":279},"2025-12-25",0.01978,{"date":281,"score":130,"percentile":279},"2025-12-26",{"date":283,"score":98,"percentile":284},"2025-12-27",0.02527,{"date":286,"score":130,"percentile":279},"2025-12-28",{"date":288,"score":130,"percentile":289},"2025-12-29",0.01969,{"date":291,"score":130,"percentile":273},"2025-12-30",{"date":293,"score":130,"percentile":294},"2025-12-31",0.0196,{"date":296,"score":130,"percentile":297},"2026-01-01",0.01985,{"date":299,"score":130,"percentile":300},"2026-01-02",0.01979,{"date":302,"score":130,"percentile":297},"2026-01-03",{"date":304,"score":130,"percentile":305},"2026-01-04",0.01946,{"date":307,"score":130,"percentile":249},"2026-01-05",{"date":309,"score":130,"percentile":305},"2026-01-06",{"date":311,"score":130,"percentile":312},"2026-01-07",0.01964,{"date":314,"score":130,"percentile":315},"2026-01-08",0.01982,{"date":317,"score":130,"percentile":318},"2026-01-09",0.01999,{"date":320,"score":130,"percentile":321},"2026-01-10",0.02012,{"date":323,"score":130,"percentile":324},"2026-01-11",0.02001,{"date":326,"score":130,"percentile":327},"2026-01-12",0.02002,{"date":329,"score":130,"percentile":330},"2026-01-13",0.01993,{"date":332,"score":130,"percentile":324},"2026-01-14",{"date":334,"score":130,"percentile":335},"2026-01-15",0.01994,{"date":337,"score":130,"percentile":338},"2026-01-16",0.01996,{"date":340,"score":130,"percentile":318},"2026-01-17",{"date":342,"score":130,"percentile":343},"2026-01-18",0.02009,{"date":345,"score":130,"percentile":346},"2026-01-19",0.01998,{"date":348,"score":130,"percentile":297},"2026-01-20",{"date":350,"score":130,"percentile":315},"2026-01-21",{"date":352,"score":130,"percentile":353},"2026-01-22",0.01976,{"date":355,"score":130,"percentile":297},"2026-01-23",{"date":357,"score":130,"percentile":346},"2026-01-24",{"date":359,"score":130,"percentile":360},"2026-01-25",0.01991,{"date":362,"score":130,"percentile":363},"2026-01-26",0.01989,{"date":365,"score":130,"percentile":366},"2026-01-27",0.01988,{"date":368,"score":130,"percentile":360},"2026-01-28",{"date":370,"score":130,"percentile":343},"2026-01-29",{"date":372,"score":130,"percentile":205},"2026-01-30",{"date":374,"score":130,"percentile":375},"2026-01-31",0.02031,{"date":377,"score":130,"percentile":378},"2026-02-01",0.02061,[380],{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":381,"cvss_v4_0":9},{"baseScore":100,"baseSeverity":382,"vectorString":103,"impactScore":383,"exploitabilityScore":384},"HIGH",8.7,4.6,[386,406],{"ecosystem":9,"name":387,"vendor":388,"product":388,"cpe_part":389,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":390},"Linux","linux","a",[391,398,401,404],{"version":392,"is_range":393,"range_type":108,"version_start":394,"version_start_type":395,"version_end":396,"version_end_type":397,"fixed_in":9},">= 82025d7f79148fe66a1594a0ebe4ab38152cf9e6, \u003C b0932e4f9da85349d1c8f2a77d2a7a7163b8511d",true,"82025d7f79148fe66a1594a0ebe4ab38152cf9e6","including","b0932e4f9da85349d1c8f2a77d2a7a7163b8511d","excluding",{"version":399,"is_range":393,"range_type":108,"version_start":394,"version_start_type":395,"version_end":400,"version_end_type":397,"fixed_in":9},">= 82025d7f79148fe66a1594a0ebe4ab38152cf9e6, \u003C ca96d83c93071f95cf962ce92406621a472df31b","ca96d83c93071f95cf962ce92406621a472df31b",{"version":402,"is_range":393,"range_type":108,"version_start":394,"version_start_type":395,"version_end":403,"version_end_type":397,"fixed_in":9},">= 82025d7f79148fe66a1594a0ebe4ab38152cf9e6, \u003C 0c7fcdb6d06cdf8b19b57c17605215b06afa864a","0c7fcdb6d06cdf8b19b57c17605215b06afa864a",{"version":405,"is_range":96,"range_type":108,"version_start":405,"version_start_type":395,"version_end":405,"version_end_type":395,"fixed_in":9},"3.8",{"ecosystem":9,"name":407,"vendor":388,"product":408,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"linux kernel","linux_kernel","o",[411,415,419],{"version":412,"is_range":393,"range_type":413,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":397,"fixed_in":9},"lt6.1.142","cpe","6.1.142",{"version":416,"is_range":393,"range_type":413,"version_start":417,"version_start_type":395,"version_end":418,"version_end_type":397,"fixed_in":9},"gte6.2_lt6.6.68","6.2","6.6.68",{"version":420,"is_range":393,"range_type":413,"version_start":421,"version_start_type":395,"version_end":422,"version_end_type":397,"fixed_in":9},"gte6.7_lt6.11","6.7","6.11"]