CVE-2024-26791
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-26791 is a vulnerability in the Linux kernel's btrfs file system. The issue lies in the dev-replace ioctl path, where the device name buffers supplied by user space were not checked for NUL termination before being used as strings. An unterminated buffer could therefore cause an out-of-bounds read in getname_kernel(). To mitigate this, a new helper function validates both the source and target device name buffers; when the source is given as a device ID rather than a path, the source name buffer is initialized to an empty string so that no stale contents can be read. This vulnerability was initially addressed differently by Edward Adam Davis, as reported in the associated links.
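The pattern described above, written out as an added example (this is not the kernel patch and not code from the btrfs tree): two fixed-size name buffers arrive from user space, a bounded `memchr` scan confirms each holds a NUL before anything treats it as a C string, and the device-ID case blanks the source buffer instead of trusting it. The struct layout, the `src_is_devid` flag and the function names are assumptions for illustration; the 1024-byte buffer size mirrors the kernel UAPI limit BTRFS_DEVICE_PATH_NAME_MAX but is defined locally here.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; mirrors the UAPI BTRFS_DEVICE_PATH_NAME_MAX (1024). */
#define DEV_PATH_MAX 1024

/* Constructed stand-in for the ioctl argument block: two fixed-size name
 * buffers copied verbatim from user space plus a flag (assumed, for the
 * example) saying whether the source is identified by ID instead of path. */
struct dev_replace_args {
    uint64_t srcdev_id;
    int      src_is_devid;              /* 1 = use srcdev_id, ignore srcdev_name */
    char     srcdev_name[DEV_PATH_MAX];
    char     tgtdev_name[DEV_PATH_MAX];
};

/* Return 0 if buf contains a NUL within size bytes, -EINVAL otherwise.
 * memchr is bounded by size, so an unterminated buffer is never overrun. */
static int check_name_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) ? 0 : -EINVAL;
}

/* Validate both name buffers before any string function touches them.
 * When the source is a device ID, blank the source name so later code can
 * never read stale, unterminated bytes from it. */
static int validate_dev_replace_args(struct dev_replace_args *args)
{
    int ret;

    if (args->src_is_devid) {
        args->srcdev_name[0] = '\0';
    } else {
        ret = check_name_terminated(args->srcdev_name, sizeof(args->srcdev_name));
        if (ret)
            return ret;
    }
    return check_name_terminated(args->tgtdev_name, sizeof(args->tgtdev_name));
}

/* Constructed input: both buffers filled without any NUL (the bad case). */
static int demo_unterminated_source(void)
{
    struct dev_replace_args a;
    memset(&a, 'A', sizeof(a));
    a.src_is_devid = 0;
    return validate_dev_replace_args(&a);        /* expected -EINVAL */
}

/* Constructed input: properly terminated paths in both buffers. */
static int demo_terminated_names(void)
{
    struct dev_replace_args a;
    memset(&a, 0, sizeof(a));
    strcpy(a.srcdev_name, "/dev/sdb");
    strcpy(a.tgtdev_name, "/dev/sdc");
    return validate_dev_replace_args(&a);        /* expected 0 */
}

/* Constructed input: source given by ID with garbage in srcdev_name; the
 * target still has to terminate. Returns 1 when validation passes AND the
 * source name was blanked. */
static int demo_devid_source(void)
{
    struct dev_replace_args a;
    memset(&a, 'A', sizeof(a));
    a.src_is_devid = 1;
    a.srcdev_id = 2;
    a.tgtdev_name[sizeof(a.tgtdev_name) - 1] = '\0';
    int ret = validate_dev_replace_args(&a);
    return ret == 0 && a.srcdev_name[0] == '\0';
}

int main(void)
{
    printf("unterminated source -> %d\n", demo_unterminated_source());
    printf("terminated names    -> %d\n", demo_terminated_names());
    printf("devid source ok     -> %d\n", demo_devid_source());
    return 0;
}
```

The point of the bounded `memchr` is that the validity of a user-supplied buffer is decided without ever stepping past its declared size; only after that check does the name get handed to anything that assumes a NUL terminator.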