CVE-2024-41016: Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

Severity
NVD: 5.5 MEDIUM
OSV: 8.8, 6.7, 6.3, 4.7

EPSS: 0.0% (top 96.36%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 29
Latest update: May 28

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

xattr in ocfs2 may be 'non-indexed', which is saved with additional space requested. It's better to check if the memory is out of bounds before memcmp, although this possibility mainly comes from crafted poisonous images.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: linux/linux_kernel, 4.20 - 5.4.285 (+6)
Debian: linux/linux_kernel, < 5.10.234-1 (+3)
Ubuntu: linux/linux_kernel, < 5.4.0-208.228 (+2)
CVEListV5: linux/linux, cf1d6c763fbcb115263114302485ad17e7933d87 - e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090 (+8)
debian: debian/linux, < linux 6.1.112-1 (bookworm)

Patches

Vulnerability Details (32)

OSV: linux-raspi-5.4 vulnerabilities (2025-05-28)
OSV: linux-raspi vulnerabilities (2025-05-28)
OSV: linux-azure-nvidia vulnerabilities (2025-04-28)
OSV: linux-iot vulnerabilities (2025-04-03)
OSV: linux-azure-6.8 vulnerabilities (2025-04-01)

Vendor Advisories (32)

Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2025-04-28)
Ubuntu: Linux kernel (IoT) vulnerabilities (2025-04-03)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-04-01)