Allocation of Resources Without Limits or Throttling Affecting kernel-zfcpdump package, versions <0:5.14.0-427.42.1.el9_4
- Snyk ID: SNYK-ALMALINUX9-KERNELZFCPDUMP-8336011
- published 4 Nov 2024
- disclosed 30 Oct 2024
- introduced 30 Oct 2024
CVE: CVE-2024-39472

How to fix?
Upgrade AlmaLinux:9 kernel-zfcpdump to version 0:5.14.0-427.42.1.el9_4 or higher. This issue was patched in ALSA-2024:8617.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump package and not the kernel-zfcpdump package as distributed by AlmaLinux. See "How to fix?" for the AlmaLinux:9 fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix log recovery buffer allocation for the legacy h_size fixup
Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log recovery buffer calculation, but stopped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer.
Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation.
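As an added illustration (not code from the kernel or from this advisory), a constructed C model of the sizing mismatch the description refers to: the legacy fixup adjusts h_size, but the header buffer block count is derived from the raw header value, so a record whose payload indexes more header blocks than were allocated is accessed out of bounds; the fixed variant sizes from the adjusted value. The 32 KiB header block granularity, the struct fields and the per-payload block requirement are modelling assumptions.

```c
/* Constructed model of the XFS log-recovery header buffer sizing behind
 * CVE-2024-39472; not the kernel's code. It shows only the shape of the bug:
 * the header buffer must be sized from the fixed-up h_size, not the raw one. */
#include <stdint.h>

#define XLOG_HEADER_CYCLE_SIZE 32768u  /* one record header block per 32 KiB */
#define DIV_ROUND_UP(n, d)     (((n) + (d) - 1) / (d))

/* Log record header fields that matter here (model: CPU byte order). */
struct rec_header {
	uint32_t h_size;        /* iclog size claimed by the header */
	uint32_t h_len;         /* payload length of this record */
	uint32_t h_num_logops;  /* number of log operations in the record */
};

/* Legacy fixup: old mkfs wrote the unmount record with h_size hardcoded to
 * 32 KiB while h_len followed the real log buffer size (logbsize). */
uint32_t fixed_h_size(const struct rec_header *rh, uint32_t logbsize)
{
	if (rh->h_len > rh->h_size && rh->h_len <= logbsize &&
	    rh->h_num_logops == 1)
		return logbsize;
	return rh->h_size;
}

/* Header blocks for an iclog of h_size bytes: one per 32 KiB, at least one. */
uint32_t hblks_for_size(uint32_t h_size)
{
	if (h_size > XLOG_HEADER_CYCLE_SIZE)
		return DIV_ROUND_UP(h_size, XLOG_HEADER_CYCLE_SIZE);
	return 1;
}

/* Vulnerable sizing: the block count comes from the raw header value. */
uint32_t hblks_vulnerable(const struct rec_header *rh)
{
	return hblks_for_size(rh->h_size);
}

/* Fixed sizing: the block count comes from the fixed-up value. */
uint32_t hblks_fixed(const struct rec_header *rh, uint32_t logbsize)
{
	return hblks_for_size(fixed_h_size(rh, logbsize));
}

/* Header blocks a record of h_len bytes indexes while unpacking (model). */
uint32_t hblks_needed(const struct rec_header *rh)
{
	return DIV_ROUND_UP(rh->h_len, XLOG_HEADER_CYCLE_SIZE);
}
```

With a legacy unmount record (h_size 32 KiB, h_len 256 KiB, one logop, logbsize 256 KiB) the raw sizing yields one header block while eight are indexed; the fixed sizing yields eight.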
References
- https://errata.almalinux.org/8/ALSA-2024-5101.html
- https://errata.almalinux.org/8/ALSA-2024-5102.html
- https://errata.almalinux.org/9/ALSA-2024-8617.html
- https://access.redhat.com/security/cve/CVE-2024-39472
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:8617
- https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a
- https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f
- https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5
- https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb