CVE-2024-56570Improper Input Validation in Linux

CWE-20Improper Input Validation77 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV5.5
EPSS
0.0%
top 98.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedDec 27
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.55.10.231+5
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-211.231+2
CVEListV5linux/linuxe9be9d5e76e34872f0c37d72e25bc27fe9e2c54cf9248e2f73fb4afe08324485e98c815ac084d166+7
debiandebian/linux< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

38
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26
OSV
linux-raspi-realtime vulnerabilities2025-05-20
OSV
linux-gcp-5.15 vulnerabilities2025-04-28

📋Vendor Advisories

38
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-05-20