{ "threat_severity" : "Moderate", "public_date" : "2024-05-01T00:00:00Z", "bugzilla" : { "description" : "kernel: Squashfs: check the inode number is not the invalid value of zero", "id" : "2278337", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2278337" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nSquashfs: check the inode number is not the invalid value of zero\nSyskiller has produced an out of bounds access in fill_meta_index().\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\nand fill a metadata index. It however suffers a data read error\nand aborts, invalidating the newly returned empty metadata index.\nIt does this by setting the inode number of the index to zero,\nwhich means unused (zero is not a valid inode number).\n2. When fill_meta_index() is subsequently called again on another\nread operation, locate_meta_index() returns the previous index\nbecause it matches the inode number of 0. Because this index\nhas been returned it is expected to have been filled, and because\nit hasn't been, an out of bounds access is performed.\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n[phillip@squashfs.org.uk: whitespace fix]", "A flaw was found in the squashfs module in the Linux kernel. A missing check of an inode number with an invalid value of zero can cause an out-of-bounds read and result in a denial of service." ], "statement" : "This vulnerability allows a local attacker to trigger an out-of-bounds read and cause a denial of service, impacting only the availability of the system. For this reason, it was rated with a Moderate severity.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-08T00:00:00Z", "advisory" : "RHSA-2024:4352", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-02T00:00:00Z", "advisory" : "RHSA-2024:4211", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.8.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-09-04T00:00:00Z", "advisory" : "RHSA-2024:6297", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.121.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-09-04T00:00:00Z", "advisory" : "RHSA-2024:6297", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.121.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-09-04T00:00:00Z", "advisory" : "RHSA-2024:6297", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.121.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5255", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.67.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-31T00:00:00Z", "advisory" : "RHSA-2024:4928", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.28.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-31T00:00:00Z", "advisory" : "RHSA-2024:4928", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.28.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-24T00:00:00Z", "advisory" : "RHSA-2024:4823", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.75.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-24T00:00:00Z", "advisory" : "RHSA-2024:4831", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26982\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26982\nhttps://lore.kernel.org/linux-cve-announce/2024050141-CVE-2024-26982-8675@gregkh/T" ], "name" : "CVE-2024-26982", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }