CVE-2024-50143
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad
Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].
[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5eb76fb98b3335aa5cca6a7db2e659561c79c32b | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 417bd613bdbe791549f7687bb1b9b8012ff111c2 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ce61b1f6b32df822b59c680cbe8e5ba5d335742 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4fc0d8660e391dcd8dde23c44d702be1f6846c61 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 72e445df65a0aa9066c6fe2b8736ba2fcca6dac7 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ac49babc952f48d82676979b20885e480e69be8 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e52e0b92ed31dc62afbda15c243dcee0bb5bb58d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 264db9d666ad9a35075cc9ed9ec09d021580fbb1 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.19.323 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.246 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.170 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.115 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.59 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.6 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
- https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
- https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
- https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
- https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
- https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
- https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
- https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.