CVE-2024-41014
Linux Kernel XFS Out-of-Bounds Read Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved:

xfs: add bounds checking to xlog_recover_process_data

There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data.

We can create a crafted image to trigger an out of bounds read by following these steps:

1) Mount an image of xfs, and do some file operations to leave records
2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data
3) Write a tool to parse and modify the copied image in step 2
4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size
5) xlog_rec_header->h_num_logops++
6) Modify xlog_rec_header->h_crc

Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.
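The bounds check described in the fix, modelled as an added example (not the kernel's code and not part of the original advisory): a simplified user-space walker that refuses to read an op header unless its fixed 12 bytes fit before the end of the record buffer. `struct op_header`, `walk_ops`, `demo` and `ERR_CORRUPT` are hypothetical names, and fields are kept in host byte order for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the fixed members of xlog_op_header (12 bytes). */
struct op_header {
    uint32_t tid;
    uint32_t len;       /* payload bytes that follow the header (host order) */
    uint8_t  clientid;
    uint8_t  flags;
    uint16_t res2;
};
_Static_assert(sizeof(struct op_header) == 12, "unexpected padding");
#define ERR_CORRUPT (-1)

/* Walk up to num_ops records in buf[0..size); return records parsed or ERR_CORRUPT. */
int walk_ops(const uint8_t *buf, size_t size, unsigned num_ops)
{
    struct op_header oh;
    size_t off = 0;
    int parsed = 0;
    while (off < size && num_ops) {
        /* Bounds check: the fixed header must fit before any field is read. */
        if (size - off < sizeof(oh))
            return ERR_CORRUPT;
        memcpy(&oh, buf + off, sizeof(oh));
        off += sizeof(oh);
        /* The payload length taken from the header must fit as well. */
        if (oh.len > size - off)
            return ERR_CORRUPT;
        off += oh.len;
        num_ops--;
        parsed++;
    }
    return parsed;
}

/* Constructed sample: one record (12-byte header + 4-byte payload), then `tail` zero bytes. */
int demo(size_t tail, unsigned num_ops)
{
    uint8_t buf[64] = {0};
    struct op_header oh = { .tid = 1, .len = 4 };
    memcpy(buf, &oh, sizeof(oh));
    return walk_ops(buf, sizeof(oh) + oh.len + tail, num_ops);
}

int main(void)
{
    return (demo(0, 1) == 1 && demo(1, 2) == ERR_CORRUPT) ? 0 : 1;
}
```

With one stray byte left in the buffer and an op count one higher than the records present, the walker returns `ERR_CORRUPT` instead of reading a header past the end.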
INFO
Published Date: July 29, 2024, 7:15 a.m.
Last Modified: Dec. 14, 2024, 9:15 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score:
Exploitability Score:
Public PoC/Exploit Available at GitHub
CVE-2024-41014 has 1 public PoC/exploit available on GitHub.
The following table lists the changes that have been made to the CVE-2024-41014 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Initial Analysis by [email protected], Mar. 05, 2025
    Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    Added CWE: CWE-125
    Added CPE Configuration: OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.64
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (excluding) 6.1.120
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.11
    Added Reference Type: kernel.org: https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1 (Types: Mailing List, Patch)
    Added Reference Type: kernel.org: https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143 (Types: Mailing List, Patch)
    Added Reference Type: kernel.org: https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (Types: Mailing List, Patch)
    Added Reference Type: CVE: https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (Types: Mailing List, Patch)

- CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Dec. 14, 2024
    Added Reference: https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143

- CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Dec. 09, 2024
    Added Reference: https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Nov. 21, 2024
    Added Reference: https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196

- CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Jul. 29, 2024
    Added Description: same text as the Description section above.
    Added Reference: kernel.org https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-41014 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-41014 weaknesses.