← back
CVE-2024-38623

fs/ntfs3: Use variable length array instead of fixed size

CVSS 9.8 CRITICALEPSS 0.8%CWE-129
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC Patch
Lifecycle
21 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7efhttps://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0fhttps://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1