CVE-2024-39482
Published: Jul 5, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

bcache: fix variable length array abuse in btree_iter

btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain.

This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array.
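The struct split described above, sketched in user-space C as an added example; it is not the kernel's code. The names `iter`, `iter_set`, `iter_stack`, `iter_stack_init`, `iter_alloc` and `iter_push`, the value given to `MAX_BSETS`, and the capacity check in `iter_push` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BSETS 4 /* constructed value for this sketch */

struct iter_set { const int *k, *end; };

/* Iterator with a flexible array member: the type no longer claims a
 * fixed MAX_BSETS bound, and 'size' records the real capacity. */
struct iter {
    size_t size, used;
    struct iter_set data[];
};

/* Stack form: embeds the iterator, then fixed backing storage for data[].
 * Embedding a flexible-array struct is a GNU C extension. */
struct iter_stack {
    struct iter iter;
    struct iter_set stack_data[MAX_BSETS];
};

static void iter_stack_init(struct iter_stack *s)
{
    s->iter.size = MAX_BSETS;
    s->iter.used = 0;
}

/* Pool form: capacity chosen at run time and may exceed MAX_BSETS. */
static struct iter *iter_alloc(size_t nsets)
{
    struct iter *it = malloc(sizeof(*it) + nsets * sizeof(it->data[0]));
    if (it) { it->size = nsets; it->used = 0; }
    return it;
}

/* Assumed check: refuse a push beyond this iterator's own capacity. */
static int iter_push(struct iter *it, const int *k, const int *end)
{
    if (it->used >= it->size)
        return -1;
    it->data[it->used++] = (struct iter_set){ k, end };
    return 0;
}

int main(void)
{
    struct iter *p = iter_alloc(MAX_BSETS + 2); /* larger than the stack form */
    printf("pool capacity: %zu\n", p ? p->size : 0); free(p);
    return 0;
}
```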
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected cafe563591446cf80bfbc2fe3bc72a2e36cf1060 - < 2c3d7b03b658dc8bfa6112b194b67b92a87e081b; affected cafe563591446cf80bfbc2fe3bc72a2e36cf1060 - < 5a1922adc5798b7ec894cd3f197afb6f9591b023; affected cafe563591446cf80bfbc2fe3bc72a2e36cf1060 - < 934e1e4331859183a861f396d7dfaf33cb5afb02; affected cafe563591446cf80bfbc2fe3bc72a2e36cf1060 - < 6479b9f41583b013041943c4602e1ad61cec8148; affected cafe563591446cf80bfbc2fe3bc72a2e36cf1060 - < 0c31344e22dd8d6b1394c6e4c41d639015bdc671; +1 more versions |
| Linux | Linux | affected 3.10; unaffected 0 - < 3.10; unaffected 5.10.221 - <= 5.10.\*; unaffected 5.15.162 - <= 5.15.\*; unaffected 6.1.94 - <= 6.1.\*; +3 more versions |