CVE-2024-49994
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: fix integer overflow in BLKSECDISCARD
I independently rediscovered
commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155
block: fix overflow in blk_ioctl_discard()
but for secure erase.
Same problem:
uint64_t r[2] = {512, 18446744073709551104ULL};
ioctl(fd, BLKSECDISCARD, r);
will enter near infinite loop inside blkdev_issue_secure_erase():
a.out: attempt to access beyond end of device
loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048
bio_check_eod: 3286214 callbacks suppressed
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 44abff2c0b970ae3d310b97617525dc01f248d7c < 8476f8428e8b48fd7a0e4258fa2a96a8f4468239 | affected |
| Linux | Linux | 44abff2c0b970ae3d310b97617525dc01f248d7c < a99bacb35c1416355eef957560e8fcac3a665549 | affected |
| Linux | Linux | 44abff2c0b970ae3d310b97617525dc01f248d7c < 0842ddd83939eb4db940b9af7d39e79722bc41aa | affected |
| Linux | Linux | 44abff2c0b970ae3d310b97617525dc01f248d7c < 6c9915fa9410cbb9bd75ee283c03120046c56d3d | affected |
| Linux | Linux | 44abff2c0b970ae3d310b97617525dc01f248d7c < 697ba0b6ec4ae04afb67d3911799b5e2043b4455 | affected |
| Linux | Linux | 5.19 | affected |
| Linux | Linux | 0 < 5.19 | unaffected |
| Linux | Linux | 6.1.128 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.75 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/8476f8428e8b48fd7a0e4258fa2a96a8f4468239
- https://git.kernel.org/stable/c/a99bacb35c1416355eef957560e8fcac3a665549
- https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa
- https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d
- https://git.kernel.org/stable/c/697ba0b6ec4ae04afb67d3911799b5e2043b4455
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.