CVE-2024-35949 — Out-of-bounds Write in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 98.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 20
Latest update: Aug 13
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: make sure that WRITTEN is set on all metadata blocks
We previously would call btrfs_check_leaf() if we had the check
integrity code enabled, which meant that we could only run the extended
leaf checks if we had WRITTEN set on the header flags.
This leaves a gap in our checking, because we could end up with
corruption on disk where WRITTEN isn't set on the leaf, and then the
extended leaf checks don't get run which we r…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (3 packages)
CVEListV5: linux/linux, 85d8a826c7cde17f9cca9c4debecb4538bdb6573 — 9dff3e36ea89e8003516841c27c45af562b6ef44 (+3)
Also affects: Fedora 40
Patches
Vulnerability Details (3)
OSV
CVE-2024-35949: In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would ca… (2024-05-20)
GHSA
GHSA-3cw9-m9j6-m7jf: In the Linux kernel, the following vulnerability has been resolved:
btrfs: make sure that WRITTEN is set on all metadata blocks
We previously would… (2024-05-20)
Vendor Advisories (7)
Community (1)
Bugzilla