CVE-2024-47723 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

In dbNextAG(), there is no check for the case where bmp->db_numag is greater than or equal to MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().

And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented.

Additionally, a check for the case where agno is greater than or equal to MAXAG should be added in diAlloc() to prevent out-of-bounds.


Analysis

by VulDB Data Team • 01/19/2026

The vulnerability identified as CVE-2024-47723 represents a critical out-of-bounds memory access issue within the Linux kernel's JFS (Journaled File System) implementation. This flaw exists in the database management functions dbNextAG() and diAlloc() which are responsible for handling allocation groups within the file system structure. The vulnerability stems from insufficient boundary validation during file system mounting and allocation operations, creating potential pathways for malicious actors to exploit memory corruption through crafted file system images.

The technical implementation of this vulnerability occurs in multiple locations within the JFS subsystem where array bounds are not properly validated. In the dbNextAG() function, the system fails to validate that the bitmap's db_numag parameter remains within acceptable limits defined by MAXAG. When a polluted file system image is processed, this parameter can exceed or equal MAXAG, leading to memory access beyond allocated boundaries. The vulnerability also affects scenarios where the agpref parameter exceeds bmp->db_numag, creating additional out-of-bounds conditions during allocation group traversal operations. Similarly, the diAlloc() function lacks validation for the agno parameter against MAXAG limits, potentially causing memory corruption when processing allocation group numbers beyond system capacity.
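The three checks described above, shown as a simplified user-space C model. This is an added example, not the kernel's JFS code or the upstream patch; struct bmap_model, the model_* functions, the MAXAG value of 128 and the sample image values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define MAXAG 128 /* assumed capacity of the per-AG array in this model */

struct bmap_model {           /* hypothetical stand-in for the in-memory block map */
    int32_t db_numag;         /* allocation group count, read from the image */
    int32_t db_agpref;        /* preferred allocation group, read from the image */
    int64_t db_agfree[MAXAG]; /* free blocks per allocation group */
};

/* Mount-time check: reject an AG count that cannot safely index db_agfree[]. */
int model_mount_check(const struct bmap_model *bmp)
{
    return (bmp->db_numag <= 0 || bmp->db_numag >= MAXAG) ? -EINVAL : 0;
}

/* Choose the next AG; every index is forced below db_numag before it is used. */
int model_next_ag(struct bmap_model *bmp)
{
    int64_t total = 0;
    int32_t agpref = bmp->db_agpref;
    if (model_mount_check(bmp) != 0)
        return -EINVAL;
    if (agpref < 0 || agpref >= bmp->db_numag) /* corrupted preference */
        agpref = 0;
    for (int32_t i = 0; i < bmp->db_numag; i++)
        total += bmp->db_agfree[i];
    if (bmp->db_agfree[agpref] < total / bmp->db_numag) { /* below average */
        agpref++;
        if (agpref >= bmp->db_numag) /* wrap instead of running off the end */
            agpref = 0;
    }
    bmp->db_agpref = agpref;
    return agpref;
}

/* Inode-allocation side: an AG number taken from on-disk data must be < MAXAG. */
int model_inode_ag_check(int32_t agno)
{
    return (agno < 0 || agno >= MAXAG) ? -EINVAL : 0;
}

int main(void)
{
    /* Constructed sample: 4 AGs, but the stored preference points at AG 9. */
    struct bmap_model img = { .db_numag = 4, .db_agpref = 9, .db_agfree = {10, 2, 30, 6} };
    printf("next AG: %d\n", model_next_ag(&img));
    return 0;
}
```

Without the clamp on agpref, the constructed image above would read db_agfree[9] even though only four groups are valid.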

The operational impact of this vulnerability extends beyond simple memory corruption, as it can potentially enable privilege escalation attacks and system instability. Attackers who can manipulate file system images or gain access to systems with mounted JFS volumes may exploit these bounds checking failures to execute arbitrary code or cause system crashes. The vulnerability affects systems running Linux kernels with JFS support, particularly those handling untrusted file system images or performing automated mounting operations. According to the CWE classification, this represents a CWE-129: Improper Validation of Array Index vulnerability, while the ATT&CK framework categorizes it under T1068: Exploitation for Privilege Escalation and T1499.2: Virtualization/Sandbox Evasion through kernel-level memory corruption techniques.

Mitigation strategies for CVE-2024-47723 require immediate kernel updates from vendors providing patched versions that include proper bounds checking in both dbNextAG() and diAlloc() functions. System administrators should prioritize patching affected systems and monitoring for unusual file system access patterns that might indicate exploitation attempts. Additional protective measures include implementing strict file system validation procedures for untrusted images, disabling automatic mounting of external storage devices, and maintaining comprehensive system logging to detect anomalous allocation group access patterns. The fix should include comprehensive input validation that prevents array indices from exceeding defined maximum values, ensuring that all parameter values are properly bounded before memory access operations occur. Organizations should also consider implementing runtime monitoring solutions that can detect and alert on memory access violations that may indicate exploitation attempts against this vulnerability.

Responsible: Linux
Reservation: 09/30/2024
Disclosure: 10/21/2024
Moderation: accepted
CPE: ready
EPSS: 0.00286
KEV: no
Activities: very low
