CVE-2024-47670
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 9, 2024
Updated: Nov 8, 2024
CWE ID 787
Summary
CVE-2024-47670 is a recently identified vulnerability in the Linux kernel's ocfs2 file system. The function ocfs2_xattr_find_entry() was missing bounds checking, which allowed potential out-of-bounds memory access. A paranoia check has been added so that the function only scans within the valid memory region containing ocfs2 extended attribute entries. The fix mitigates the vulnerability and safeguards against potential attacks that use crafted images.
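The kind of check the summary describes, as an added example that is not the kernel's patch or code from this page: the structures, `find_entry_checked()` and `build_image()` are simplified, hypothetical stand-ins for an on-disk entry table whose header count cannot be trusted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical layout for illustration; not the real ocfs2 structures. */
struct xhdr { uint16_t count; uint16_t pad; };
struct xent { uint32_t name_hash; uint32_t value; };

/* Scan the entries in [base, base + size) for name_hash. Returns the entry
 * index, -1 if absent, -2 if the scan would leave the valid region. */
int find_entry_checked(const uint8_t *base, size_t size, uint32_t name_hash)
{
    struct xhdr hdr;
    struct xent e;

    if (size < sizeof(hdr))
        return -2;
    memcpy(&hdr, base, sizeof(hdr));
    for (uint16_t i = 0; i < hdr.count; i++) {
        size_t off = sizeof(hdr) + (size_t)i * sizeof(e);
        /* Paranoia check: the whole entry must lie inside the region.
         * Without it, an oversized count walks the scan past the buffer. */
        if (off > size || size - off < sizeof(e))
            return -2;
        memcpy(&e, base + off, sizeof(e));
        if (e.name_hash == name_hash)
            return i;
    }
    return -1;
}

/* Constructed sample image: `real` entries with hashes 100, 101, ... and a
 * header that claims `claimed` entries. Returns the image size in bytes. */
size_t build_image(uint8_t *buf, uint16_t real, uint16_t claimed)
{
    struct xhdr hdr = { claimed, 0 };
    memcpy(buf, &hdr, sizeof(hdr));
    for (uint16_t i = 0; i < real; i++) {
        struct xent e = { 100u + i, i };
        memcpy(buf + sizeof(hdr) + i * sizeof(e), &e, sizeof(e));
    }
    return sizeof(hdr) + real * sizeof(struct xent);
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_image(buf, 2, 500);   /* header overstates the count */
    printf("lookup of missing hash: %d\n", find_entry_checked(buf, n, 999));
    return 0;
}
```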