{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-47670","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-09-30T16:00:12.936Z","datePublished":"2024-10-09T14:49:11.938Z","dateUpdated":"2026-01-05T10:53:58.570Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:53:58.570Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ocfs2/xattr.c"],"versions":[{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"b49a786beb11ff740cb9e0c20b999c2a0e1729c2","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"60c0d36189bad58b1a8e69af8781d90009559ea1","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"34759b7e4493d7337cbc414c132cef378c492a2c","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"1f6e167d6753fe3ea493cdc7f7de8d03147a4d39","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"8e7bef408261746c160853fc27df3139659f5f77","status":"affected","versionType":"git"},{"version":"cf1d6c763fbcb115263114302485ad17e7933d87","lessThan":"9e3041fecdc8f78a5900c3aa51d3d756e73264d6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ocfs2/xattr.c"],"versions":[{"version":"2.6.28","status":"affected"},{"version":"0","lessThan":"2.6.28","status":"unaffected","versionType":"semver"},{"version":"4.19.323","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.285","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.112","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.53","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.12","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"4.19.323"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.4.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"6.1.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"6.6.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"6.10.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2"},{"url":"https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1"},{"url":"https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c"},{"url":"https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd"},{"url":"https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f"},{"url":"https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39"},{"url":"https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77"},{"url":"https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6"}],"title":"ocfs2: add bounds checking to ocfs2_xattr_find_entry()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-10T13:20:40.243320Z","id":"CVE-2024-47670","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-10T13:20:54.800Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:20:36.160Z"}}]}}