CVE-2024-38623

fs/ntfs3: Use variable length array instead of fixed size

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

References

Link	Tags
https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f	patch
https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7	patch
https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1	patch
https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1	patch
https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef	patch

Frequently Asked Questions

What is the severity of CVE-2024-38623?: CVE-2024-38623 has been scored as a critical severity vulnerability.
How to fix CVE-2024-38623?: To fix CVE-2024-38623, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38623 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-38623 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38623?: CVE-2024-38623 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-129 – Improper Validation of Array Index

References

Frequently Asked Questions