CVE-2024-47670

Advisory lineage Upstream: 0 Downstream: 49
Modified
Published: 09 Oct 2024, 14:49
Last modified:11 May 2026, 20:38

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Oct 2024, 14:49
Published
Vulnerability first disclosed
11 May 2026, 20:38
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03% Percentile: 7%

Techniques & Countermeasures

  • CWE-787Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linuxlinux

    ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < b49a786beb11ff740cb9e0c20b999c2a0e1729c2 | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 60c0d36189bad58b1a8e69af8781d90009559ea1 | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 34759b7e4493d7337cbc414c132cef378c492a2c | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 1f6e167d6753fe3ea493cdc7f7de8d03147a4d39 | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 8e7bef408261746c160853fc27df3139659f5f77 | ≥ cf1d6c763fbcb115263114302485ad17e7933d87, < 9e3041fecdc8f78a5900c3aa51d3d756e73264d6 | 2.6.28

  • linuxlinux_kernel

    < 6.1.112 | ≥ 6.2, < 6.6.53 | ≥ 6.7, < 6.10.12

References (10)