References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.18 up to (excluding) 6.19.6

kernel.org: https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd Types: Patch

kernel.org: https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962 Types: Patch

In the Linux kernel, the following vulnerability has been resolved:

hfs: Replace BUG_ON with error handling for CNID count checks

In a06ec283e125 next_id, folder_count, and file_count in the super block
info were expanded to 64 bits, and BUG_ONs were added to detect
overflow. This triggered an error reported by syzbot: if the MDB is
corrupted, the BUG_ON is triggered. This patch replaces this mechanism
with proper error handling and resolves the syzbot reported bug.

Singed-off-by: Jori Koolstra <[email protected]>

https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd

https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962