SB2024062456 - Buffer overflow in Linux kernel ocfs2
Published: June 24, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062456
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2021-47460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/560edd14de2bf9dbc0129681eeb4d5ef87cc105f
- https://git.kernel.org/stable/c/8e6bfb4f70168ddfd32fb6dc028ad52faaf1f32e
- https://git.kernel.org/stable/c/a3a089c241cd49b33a8cdd7fcb37cc87a086912a
- https://git.kernel.org/stable/c/b05caf023b14cbed9223bb5b48ecc7bffe38f632
- https://git.kernel.org/stable/c/f1b98569e81c37d7e0deada7172f8f60860c1360
- https://git.kernel.org/stable/c/fa9b6b6c953e3f6441ed6cf83b4c771dac2dae08
- https://git.kernel.org/stable/c/5314454ea3ff6fc746eaf71b9a7ceebed52888fa
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.253
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.288
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.156