CVE-2024-26848

afs: Fix endless loop in directory parsing

References

https://cve.org/CVERecord/?id=CVE-2024-26848

Notes

 carnil> Introduced in 57e9d49c5452 ("afs: Hide silly-rename files from userspace").
 carnil> Vulnerable versions: 5.4.269 5.4.273 5.10.210 5.10.214 5.15.149 5.15.153 6.1.76
 carnil> 6.1.83 6.6.15 6.6.23 6.7.3 6.7.11 6.8-rc2.

Bugs

Status

Branch	Status
4.19-buster-security	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.214) [b94f434fe977689da4291dc21717790b9bd1c064]
6.1-bookworm-security	released (6.1.85-1)
6.1-upstream-stable	released (6.1.83) [76426abf9b980b46983f97de8e5b25047b4c9863]
6.6-upstream-stable	released (6.6.23) [106e14ca55a0acb3236ee98813a1d243f8aa2d05]
6.8-upstream-stable	released (6.8.2) [2afdd0cb02329464d77f3ec59468395c791a51a4]
sid	released (6.7.12-1)
upstream	released (6.8-rc7) [5f7a07646655fb4108da527565dcdc80124b14c4]