{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T00:22:09.536","vulnerabilities":[{"cve":{"id":"CVE-2024-56619","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-12-27T15:15:21.437","lastModified":"2025-11-03T21:18:09.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()\n\nSyzbot reported that when searching for records in a directory where the\ninode's i_size is corrupted and has a large value, memory access outside\nthe folio/page range may occur, or a use-after-free bug may be detected if\nKASAN is enabled.\n\nThis is because nilfs_last_byte(), which is called by nilfs_find_entry()\nand others to calculate the number of valid bytes of directory data in a\npage from i_size and the page index, loses the upper 32 bits of the 64-bit\nsize information due to an inappropriate type of local variable to which\nthe i_size value is assigned.\n\nThis caused a large byte offset value due to underflow in the end address\ncalculation in the calling nilfs_find_entry(), resulting in memory access\nthat exceeds the folio/page size.\n\nFix this issue by changing the type of the local variable causing the bit\nloss from \"unsigned int\" to \"u64\".  The return value of nilfs_last_byte()\nis also of type \"unsigned int\", but it is truncated so as not to exceed\nPAGE_SIZE and no bit loss occurs, so no change is required."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un posible acceso a memoria fuera de los límites en nilfs_find_entry() Syzbot informó que al buscar registros en un directorio donde el i_size del inodo está dañado y tiene un valor grande, puede ocurrir un acceso a memoria fuera del rango de folio/página, o puede detectarse un error de use-after-free si KASAN está habilitado. Esto se debe a que nilfs_last_byte(), que es llamado por nilfs_find_entry() y otros para calcular la cantidad de bytes válidos de datos de directorio en una página a partir de i_size y el índice de página, pierde los 32 bits superiores de la información de tamaño de 64 bits debido a un tipo inadecuado de variable local a la que se asigna el valor de i_size. Esto causó un valor de desplazamiento de bytes grande debido al desbordamiento en el cálculo de la dirección final en la llamada nilfs_find_entry(), lo que resultó en un acceso a memoria que excede el tamaño de folio/página. Solucione este problema cambiando el tipo de la variable local que causa la pérdida de bits de \"unsigned int\" a \"u64\". El valor de retorno de nilfs_last_byte() también es del tipo \"unsigned int\", pero se trunca para no superar PAGE_SIZE y no se produce ninguna pérdida de bits, por lo que no se requiere ningún cambio."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.4.287","matchCriteriaId":"2D46A016-4FC6-416B-92D5-0A3833B3F57C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.231","matchCriteriaId":"B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.174","matchCriteriaId":"419FD073-1517-4FD5-8158-F94BC68A1E89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.120","matchCriteriaId":"09AC6122-E2A4-40FE-9D33-268A1B2EC265"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndIncluding":"6.6.66","matchCriteriaId":"531ECA60-482F-48A9-924B-24405022FB0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndIncluding":"6.12.5","matchCriteriaId":"33EC61E4-C15F-402A-A415-5745882E16D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}