CVE-2024-26982: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 75 documents | 8 sources
Severity
NVD: 7.1 HIGH
OSV: 8.8, 7.8, 6.8, 5.9, 5.5
EPSS
0.0%
top 90.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 1
Latest update: Jul 16

Description

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check the inode number is not the invalid value of zero

Syskiller has produced an out of bounds access in fill_meta_index().

That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked.

The reason this causes the out of bounds access is due to following sequence of events:

1. Fill_meta_index() is called to allocate (via empty_meta_index

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (8 packages)

NVD | linux/linux_kernel | 6.7 6.8.8 | +2
Debian | linux/linux_kernel | < 5.10.237-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-216.236 | +2
CVEListV5 | linux/linux | 6545b246a2c815a8fcd07d58240effb6ec3481b1 32c114a58236fe67141634774559f21f1dc96fd7 | +7
debian | debian/linux | < linux 6.1.133-1 (bookworm)

Patches

🔴 Vulnerability Details (36)

OSV: linux-iot vulnerabilities (2025-07-16)
OSV: linux-xilinx-zynqmp vulnerabilities (2025-06-26)
OSV: linux-hwe-5.15 vulnerabilities (2025-06-24)
OSV: linux-aws-fips, linux-fips vulnerabilities (2025-05-29)
OSV: linux-aws-5.4 vulnerabilities (2025-05-29)

📋 Vendor Advisories (37)

Ubuntu: Linux kernel (IoT) vulnerabilities (2025-07-16)
Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities (2025-06-26)
Ubuntu: Linux kernel (HWE) vulnerabilities (2025-06-24)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-05-29)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-05-29)

💬 Community (1)

Bugzilla: CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero (2024-05-01)