CVE-2024-47677

Summary

In the Linux kernel, the following vulnerability has been resolved:

exfat: resolve memory leak from exfat_create_upcase_table()

If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table allocates more memory, leading to a memory leak.

Here's link to syzkaller crash report illustrating this issue: https://syzkaller.appspot.com/text?tag=CrashReport&x=1406c201980000

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa13d1a4de3b0fe3c41d818697d691c886c5585fa < f9835aec49670c46ebe2973032caaa1043b3d4daaffected
LinuxLinuxa13d1a4de3b0fe3c41d818697d691c886c5585fa < 331ed2c739ce656a67865f6b3ee0a478349d78cbaffected
LinuxLinuxa13d1a4de3b0fe3c41d818697d691c886c5585fa < c290fe508eee36df1640c3cb35dc8f89e073c8a8affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.10.13 <= 6.10.*unaffected
LinuxLinux6.11.2 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References