CVE-2024-41086
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-41086
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41086.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-41086
- Downstream
- Published
- 2024-07-29T15:48:02Z
- Modified
- 2025-10-21T23:51:45.616082Z
- Summary
- bcachefs: Fix sb_field_downgrade validation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bcachefs: Fix sbfielddowngrade validation
bch2sbdowngrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section
foreachdowngradeentry() is used in totext() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced84f1638795da1ff2084597de4251e9054f1ad728Fixedbf920ed92ef24dcd6970c88881cd4700b3acf05b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced84f1638795da1ff2084597de4251e9054f1ad728Fixed692aa7a54b2b28d59f24b3bf8250837805484b99
Affected versions
v6.*
v6.7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf920ed92ef24dcd6970c88881cd4700b3acf05b",
"id": "CVE-2024-41086-160ba7ba",
"signature_version": "v1",
"target": {
"function": "bch2_sb_downgrade_validate",
"file": "fs/bcachefs/sb-downgrade.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "206594232440338923007967540274145177860",
"length": 478.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@692aa7a54b2b28d59f24b3bf8250837805484b99",
"id": "CVE-2024-41086-4ed99f4d",
"signature_version": "v1",
"target": {
"file": "fs/bcachefs/sb-downgrade.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"144551099581034698870758163326827738329",
"253796914449467364892211311626444696417",
"185150309336259057736213266949820009522",
"148387967292232073835861828309362331013",
"297115679867350588141988890459408101748",
"55737512875819521109710523037162318625",
"150288789733309214022796799535412188354",
"249773831588164096010214024727136061889"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf920ed92ef24dcd6970c88881cd4700b3acf05b",
"id": "CVE-2024-41086-5a75511a",
"signature_version": "v1",
"target": {
"file": "fs/bcachefs/sb-downgrade.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"144551099581034698870758163326827738329",
"253796914449467364892211311626444696417",
"185150309336259057736213266949820009522",
"298291322446803031443703289433294506380",
"132795801593087979497145648531139686486",
"55737512875819521109710523037162318625",
"150288789733309214022796799535412188354",
"249773831588164096010214024727136061889"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@692aa7a54b2b28d59f24b3bf8250837805484b99",
"id": "CVE-2024-41086-c0f103aa",
"signature_version": "v1",
"target": {
"function": "bch2_sb_downgrade_validate",
"file": "fs/bcachefs/sb-downgrade.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "144117684023929568500986116636517580371",
"length": 492.0
}
}
]