CVE-2024-38604

Summary

In the Linux kernel, the following vulnerability has been resolved:

block: refine the EOF check in blkdev_iomap_begin

blkdev_iomap_begin rounds down the offset to the logical block size before stashing it in iomap->offset and checking that it still is inside the inode size.

Check the i_size check to the raw pos value so that we don't try a zero size write if iter->pos is unaligned.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux487c607df790d366e67a7d6a30adf785cdd98e55 < 910717920c8c3f9386277a44c44d448058a18084affected
LinuxLinux487c607df790d366e67a7d6a30adf785cdd98e55 < 72c54e063c32aeb38d43a2bd897821e6e5a1757daffected
LinuxLinux487c607df790d366e67a7d6a30adf785cdd98e55 < 10b723bcba8986537a484aa94dbfc9093fd776a1affected
LinuxLinux487c607df790d366e67a7d6a30adf785cdd98e55 < 0c12028aec837f5a002009bbf68d179d506510e8affected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References