In the Linux kernel, the following vulnerability has been resolved:
bcache: fix variable length array abuse in btree_iter
btree_iter is used in two ways: either allocated on the stack with a
fixed size MAX_BSETS, or from a mempool with a dynamic size based on the
specific cache set. Previously, the struct had a fixed-length array of
size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized
iterators, which causes UBSAN to complain.
This patch uses the same approach as in bcachefs's sort_iter and splits
the iterator into a btree_iter with a flexible array member and a
btree_iter_stack which embeds a btree_iter as well as a fixed-length
data array.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-07-05T06:55:10.599Z
Updated: 2024-12-19T09:07:02.253Z
Reserved: 2024-06-25T14:23:23.746Z
Link: CVE-2024-39482
Vulnrichment
Updated: 2024-08-02T04:26:15.917Z
NVD
Status : Modified
Published: 2024-07-05T07:15:10.710
Modified: 2024-11-21T09:27:47.023
Link: CVE-2024-39482
Redhat