CVE-2024-42299

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb46acd6a6a627d876898e1c84d3f84902264b445 < 0484adcb5fbcadd9ba0fd4485c42630f72e97da9affected
LinuxLinuxb46acd6a6a627d876898e1c84d3f84902264b445 < b90ceffdc975502bc085ce8e79c6adeff05f9521affected
LinuxLinuxb46acd6a6a627d876898e1c84d3f84902264b445 < 2cac0df3324b5e287d8020bc0708f7d2dec88a6faffected
LinuxLinuxb46acd6a6a627d876898e1c84d3f84902264b445 < 0a4ae2644e2a3b3b219aad9639fb2b0691d08420affected
LinuxLinuxb46acd6a6a627d876898e1c84d3f84902264b445 < 2fef55d8f78383c8e6d6d4c014b9597375132696affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References