Vulnerability Database

311,378

Total vulnerabilities in the database

CVE-2024-26981

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix OOB in nilfs_set_de_type

The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT".

static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode;

de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob

}

However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors.

  • Published: May 1, 2024
  • Updated: Nov 5, 2025
  • CVE: CVE-2024-26981
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 6.9-rc3 6.9-rc3.x
linux / linux_kernel 6.9-rc4 6.9-rc4.x
linux / linux_kernel 6.7 6.8.8
linux / linux_kernel 6.9-rc1 6.9-rc1.x
linux / linux_kernel 6.9-rc2 6.9-rc2.x
linux / linux_kernel 5.11 5.15.157
linux / linux_kernel 6.2 6.6.29
linux / linux_kernel 5.16 6.1.88
linux / linux_kernel 5.5 5.10.216
linux / linux_kernel 4.20 5.4.275
linux / linux_kernel 2.6.30 4.19.313
debian / debian_linux 10.0 10.0.x