CVE-2024-50143

Summary

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5eb76fb98b3335aa5cca6a7db2e659561c79c32baffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 417bd613bdbe791549f7687bb1b9b8012ff111c2affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ce61b1f6b32df822b59c680cbe8e5ba5d335742affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4fc0d8660e391dcd8dde23c44d702be1f6846c61affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 72e445df65a0aa9066c6fe2b8736ba2fcca6dac7affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ac49babc952f48d82676979b20885e480e69be8affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e52e0b92ed31dc62afbda15c243dcee0bb5bb58daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 264db9d666ad9a35075cc9ed9ec09d021580fbb1affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.246 <= 5.10.*unaffected
LinuxLinux5.15.170 <= 5.15.*unaffected
LinuxLinux6.1.115 <= 6.1.*unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References