CVE-2024-39467 Affecting kernel-uek-devel package, versions <0:5.4.17-2136.334.6.el7uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE7-KERNELUEKDEVEL-7678088
- published14 Aug 2024
- disclosed25 Jun 2024
Introduced: 25 Jun 2024
CVE-2024-39467 (opens in a new tab)How to fix?
Upgrade Oracle:7 kernel-uek-devel to version 0:5.4.17-2136.334.6.el7uek or higher.
This issue was patched in ELSA-2024-12581.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-devel package and not the kernel-uek-devel package as distributed by Oracle.
See How to fix? for Oracle:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
syzbot reports a kernel bug as below:
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 Read of size 1 at addr ffff88807a58c76c by task syz-executor280/5076
CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] current_nat_addr fs/f2fs/node.h:213 [inline] f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline] f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838 __do_sys_ioctl fs/ioctl.c:902 [inline] __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
The root cause is we missed to do sanity check on i_xattr_nid during f2fs_iget(), so that in fiemap() path, current_nat_addr() will access nat_bitmap w/ offset from invalid i_xattr_nid, result in triggering kasan bug report, fix it.
References
- https://linux.oracle.com/cve/CVE-2024-39467.html
- https://linux.oracle.com/errata/ELSA-2024-12581.html
- https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98
- https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717
- https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57
- https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff
- https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0
- https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba
- https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8